Tor

From Hidden Wiki

Tor (/tɔɹ/, previously an acronym for The Onion Router) is a space within the normal Internet where all users can remain anonymous, activities can remain untraceable, and its resources can remain hidden from the rest of the Internet. If you are reading this page, you are probably using the Tor network.

Technically, Tor is free software for enabling online anonymity and censorship resistance. This software directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis.

Using Tor makes it more difficult to trace Internet activity, including "visits to Web sites, online posts, instant messages, and other communication forms", back to the user and is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential business by keeping their internet activities from being monitored.


Upload files with Orbot on your smartphone

See Orbot article.

Android Tor Browser Alpha

Snowflake

Snowflake is a system to defeat internet censorship. People who are censored can use Snowflake to access the internet. Their connection goes through Snowflake proxies, which are run by volunteers. For more detailed information about how Snowflake works see our documentation wiki.

https://snowflake.torproject.org/?lang=en_US

https://gitlab.torproject.org/legacy/trac/-/wikis/doc/Snowflake/

How to use

Linux

Download tor-browser-linux64-7.5.6_en-US.tar.xz from https://www.torproject.org/download/download-easy.html.en and extract the file.


In a terminal, run the following commands:

cd tor-browser_en-US/
./start-tor-browser.desktop

And then it starts. It doesn't need to be installed.


Firefox connects via Tor to Mullvad. Mullvad will be the exit node.

Last updated: 21 January 2021

In this guide we will install the Tor Browser and enable other programs to connect to the internet via the Tor Browser proxy.

Overview

We will first install OpenVPN and configure it to connect to Mullvad via the Tor Browser. The last step is to configure Firefox (or other programs) to connect to Mullvad using our SOCKS5 proxy.

The end result is that Firefox connects via Tor to Mullvad ("VPN through Tor"). Mullvad will be the exit node.

The Tor Browser itself will only use the Tor Network.

Programs not configured to use Mullvad's SOCKS5 proxy will connect directly to the internet without using any VPN or Tor at all.

Set-up instructions

Linux

1. Install OpenVPN (OpenVPN installation guide)

2. Download the Tor Browser for Linux

3. Verify signatures.

4. Unpack the Tor Browser (xz -d tor-browser-linux*.xz && tar -vxf tor-browser-linux*.tar)

5. cd into "tor-browser*/Browser/TorBrowser/Data/Tor"

6. Edit torrc-defaults and change CookieAuthentication 1 to CookieAuthentication 0

7. Save the change.

8. Download an OpenVPN configuration file from our website, make sure you select Linux as Platform and 443 TCP as Port (Tor only works with TCP, not UDP).

9. Extract the zip file

10. Edit the OpenVPN configuration file

11. Add the following entries to it:

 route-nopull
 route 10.8.0.1 255.255.255.255
 socks-proxy 127.0.0.1 9150

12. Save the changes

13. Rename the configuration file to something easy to identify like mullvad_tor.conf

14. Start the Tor browser

15. Start OpenVPN using the mullvad_tor.conf

16. Open Firefox (not the tor browser) and then go to our Connection check to check your IP

17. Follow our SOCKS5 guide and then reload the Connection check to verify that the IP address is showing one of Mullvad's IP addresses


http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion/en/help/tor-and-mullvad-vpn/

https://mullvad.net/en/help/tor-and-mullvad-vpn/
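Step 6 turns off cookie authentication on Tor's control port, so unless a HashedControlPassword is set, any local process that can reach the port can authenticate with an empty string. The following check of the two files edited in steps 6 and 11 is an added example, not part of the Mullvad guide; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

def parse_directives(text):
    """Map lowercased keyword -> list of argument strings (torrc or OpenVPN syntax)."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 1) + [""]
        found.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return found

def _is_local(listener):
    """True when a ControlPort value is reachable only from this machine."""
    addr = listener.split()[0]
    if addr.startswith("unix:") or ":" not in addr:
        return True  # unix socket, bare port or "auto"
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit_torrc(text):
    """Findings about the control port after the CookieAuthentication edit (step 6)."""
    d = parse_directives(text)
    ports = [p for p in d.get("controlport", []) if p and p.split()[0] != "0"]
    if not ports:
        return []  # control port disabled: nothing to authenticate to
    findings = []
    cookie = d.get("cookieauthentication", ["0"])[-1] == "1"  # last value wins
    if not cookie and "hashedcontrolpassword" not in d:
        findings.append("control port accepts AUTHENTICATE without credentials")
    if not all(_is_local(p) for p in ports):
        findings.append("control port listens on a non-loopback address")
    return findings

def audit_openvpn(text):
    """Findings when the step 11 entries or the TCP transport from step 8 are missing."""
    d = parse_directives(text)
    norm = lambda key: [" ".join(v.split()) for v in d.get(key, [])]
    findings = []
    if "route-nopull" not in d:
        findings.append("route-nopull missing")
    if "10.8.0.1 255.255.255.255" not in norm("route"):
        findings.append("route 10.8.0.1 255.255.255.255 missing")
    if "127.0.0.1 9150" not in norm("socks-proxy"):
        findings.append("socks-proxy 127.0.0.1 9150 missing")
    protos = d.get("proto", []) + [r.split()[2] for r in d.get("remote", []) if len(r.split()) > 2]
    if not any(p.startswith("tcp") for p in protos):
        findings.append("no TCP transport selected (Tor carries TCP only)")
    return findings

# Constructed samples, not files from a real installation.
SAMPLE_TORRC = "ControlPort 9151\nCookieAuthentication 0  # after step 6\nSocksPort 9150\n"
SAMPLE_OVPN = ("client\nproto tcp\nremote vpn.example.invalid 443\n"
               "route-nopull\nroute 10.8.0.1 255.255.255.255\nsocks-proxy 127.0.0.1 9150\n")
```

Calling `audit_torrc(SAMPLE_TORRC)` returns the unauthenticated control port finding, and `audit_openvpn(SAMPLE_OVPN)` returns an empty list.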

Tor Plus VPN

You -> VPN/SSH -> Tor

You can route Tor through VPN/SSH services. That might prevent your ISP etc. from seeing that you're using Tor (see VPN/SSH Fingerprinting below). On one hand, VPNs are more popular than Tor, so you won't stand out as much. On the other hand, in some countries replacing an encrypted Tor connection with an encrypted VPN or SSH connection will be suspicious as well. SSH tunnels are not so popular.

Once the VPN client has connected, the VPN tunnel will be the machine's default Internet connection, and TBB (Tor Browser Bundle) (or Tor client) will route through it.

This can be a fine idea, assuming your VPN/SSH provider's network is in fact sufficiently safer than your own network.

Another advantage here is that it prevents Tor from seeing who you are behind the VPN/SSH. So if somebody does manage to break Tor and learn the IP address your traffic is coming from, but your VPN/SSH was actually following through on their promises (they won't watch, they won't remember, and they will somehow magically make it so nobody else is watching either), then you'll be better off.

https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN#You-VPNSSH-Tor


VPN/SSH Fingerprinting

Using a VPN or SSH does not provide strong guarantees of hiding the fact that you are using Tor from your ISP. VPNs and SSH are vulnerable to an attack called website traffic fingerprinting (see note 1). Very briefly, it's a passive eavesdropping attack: although the adversary only watches encrypted traffic from the VPN or SSH, the adversary can still guess which website is being visited, because all websites have specific traffic patterns. The content of the transmission is still hidden, but which website one connects to isn't secret anymore. There are multiple research papers on that topic (see note 2). Once the premise is accepted that VPNs and SSH can leak which website one is visiting with high accuracy, it's not difficult to imagine that encrypted Tor traffic hidden by a VPN or SSH could also be classified. There are no research papers on that topic.

What about proxy fingerprinting? It has been said above already that connections to proxies are not encrypted, so this attack isn't even required against proxies, since proxies cannot hide the fact that you're using Tor anyway.

1 See Tor Browser Design for a general definition and introduction into website traffic fingerprinting. https://2019.www.torproject.org/projects/torbrowser/design/

2 See slides for Touching from a Distance: Website Fingerprinting Attacks and Defenses. There is also a research paper from those authors. Unfortunately, it's not free. However, you can find free ones using search engines. Good search terms include "Website Fingerprinting VPN". You'll find multiple research papers on that topic. https://www3.cs.stonybrook.edu/~xcai/fp.pdf https://dl.acm.org/doi/10.1145/2382196.2382260

https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN#VPNSSHFingerprinting


VPN versus SSH or Proxy

A VPN operates on the network level. An SSH tunnel can offer a SOCKS5 proxy. Proxies operate on the application level. These technical details introduce their own challenges when combining them with Tor.

The problem for many VPN users is the complicated setup. They connect to the VPN on a machine which has direct access to the internet.

  • the VPN user may forget to connect to the VPN first
  • without special precautions, when a VPN connection breaks down (VPN server reboot, network problems, VPN process crash, etc.), direct connections without VPN will be made.

To fix this issue you can try something like VPN-Firewall. https://github.com/adrelanos/VPN-Firewall

When operating on the application level (using SSH tunnel socks5 or proxies), the problem is that many applications do not honor the proxy settings. Have a look into the Torify HOWTO to get an idea. https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

The most secure solution to mitigate those issues is to use transparent proxying, which is possible for VPN, SSH and proxies.

https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN#VPNversusSSHorProxy


You -> X -> Tor

Some people under some circumstances (country, provider) are forced to use a VPN or a proxy to connect to the internet. Other people want to do that for other reasons, which we will also discuss.

TOR Anonymity: Things Not To Do While Using TOR

May 23, 2018

9 Things you shouldn’t do while using Tor


1. Don’t use your mobile phone for 2-Step verification on Tor

2. Don’t operate user accounts outside TOR

3. Don’t post your personal information


4. Don’t send unencrypted data over TOR

5. Don’t use TOR with Windows

6. Don’t forget to delete cookies and local website data


7. Don’t use TOR for Google Search

8. Don’t use HTTP website on TOR

9. Don’t connect to the same server with and without TOR simultaneously

https://fossbytes.com/tor-anonymity-things-not-using-tor/

Tor redirection vulnerability exit node

  • Obtaining IP Addresses, Even from the Tor Network

June 5, 2019


At a very high level, these are the different conditions required to obtain one’s IP address through a Tor network channel:

  • Use a standard web browser, not the Tor browser
  • Control of a Tor exit node
  • HTTP packet sniffing
  • HTTP 301 cache poisoning


I want to look at each of these conditions independently and review them.

https://www.secplicity.org/2019/06/05/obtaining-ip-addresses-even-from-the-tor-network/

Tor Security

Check that Tor is working

Check your anonymity

These websites test for a large number of potentially identifying characteristics and then report their findings to you. Some even use exploits to try to determine your real IP address.

User agent

A web browser's user agent can sometimes identify a user. By the same token, a changed user agent can also identify a user, particularly when that change is inconsistent with that browser's behavior. Torbutton is a Firefox add-on that in addition to mitigating a number of anonymity risks sets the user agent so that all Torbutton users share the same user agent. See the following links for more information on user agents.

See browser security for more on the subject.


Bridges

If your country censors Tor usage, you should use a bridge.


Start Tor Browser Bundle.


Click the Cancel button before Tor Browser connects to the Tor network.


Click the Configure button.


Check the checkbox "Tor is censored in my country"



Bridge Relay Help

Bridges are unlisted relays that make it more difficult to block connections to the Tor Network. Each type of bridge uses a different method to avoid censorship. The obfs ones make your traffic look like random noise, and the meek ones make your traffic look like it's connecting to that service instead of Tor.

Because of how certain countries try to block Tor, certain bridges work in certain countries but not others. If you are unsure about which bridges work in your country, visit torproject.org/about/contact.html#support


Click "Select a built-in bridge". Click "select a bridge". There are four types of bridges: obfs4, fte, meek-azure (works in China), obfs3. None of them works in my countries. It starts to connect to the Tor network, but it gets stuck and does not finish.



Check "Request a bridge from torproject.org" and click the "Request a Bridge..." button. Solve the CAPTCHA to request a bridge.

"Request a bridge from torproject.org" works well in my country.


If you want, you can choose "Provide a bridge I know". Type address:port (one per line).


You can also use a proxy or VPN to connect to Tor. Just check the check box "I use a proxy to connect to the Internet" and fill out "Proxy Type", "Address", and "Port". "Username" and "Password" are optional. There are three options for "Proxy Type": SOCKS 4, SOCKS 5, and 'HTTP / HTTPS'.



If you want to use bridges on Android, see the Orbot article.


  • Tor bridges was banned in china mainland almostly?

Apr 01 2018

https://www.reddit.com/r/TOR/comments/88kcp7/tor_bridges_was_banned_in_china_mainland_almostly/


Jun 25, 2018

https://www.reddit.com/r/TOR/comments/8tom7h/china_bridges/


NIT

  • [TUTO] Protect and harden your torrc configration. NIT 2.0

http://bestboytt55akspr.onion/viewtopic.php?f=7&t=4355


  • There's a new NIT being deployed on Tor users. It causes your Tor client to connect to a malicious guard node, revealing your real IP. It isn't OS specific and exploits not only the Tor browser but the Tor network itself. If anyone can bring this to the attention of the Tor devs, please do so right away. This NIT preys on the fact that they're trying to spot malicious exits only and not malicious guards. You can help improve and strengthen the Tor network by bringing this to the attention of the Tor devs, and hopefully get it patched ASAP

http://beepedjhffvat3uwij5fxny72vlj7ugqb67ippjebise6adxf73y3uqd.onion/t/f12ed476529cc226a0e851de63b3068aabb4e72b/

Tor Usage Tips

Use a Google proxy

For IPs issuing a large volume of queries (pretty much any Tor exit node), Google either blocks access outright or requires CAPTCHA + cookies. This is both annoying and bad for privacy. To get around this, search Google using one of the proxies available:

Let your computer retry .onion sites for you

Have you ever tried to visit an .onion site that you know is up, but the connection still times out on the first or second attempt? So you have to sit there and manually command your browser to refresh the page until it finally loads? Yeah that's a pain.

If you're using Privoxy as your http proxy, you can tell it to automatically retry connecting to .onion sites for you by adding the following directive to the config file (e.g. /etc/privoxy/config):

 forwarded-connect-retries 10

The number "10" is only a suggested value. Make it whatever makes sense for you.

If you're using Firefox, the Try again extension can do a similar thing inside the browser.

Still having trouble with connectivity? Try building new circuits.

Bypass website registration

First see if someone has already created a publicly shared account on BugMeNot. There used to be a hidden service named BugMeNotRevolution for the same purpose; somebody should recreate it.

Creating one-off email accounts through Gmail, etc. is a pain. Several websites offer disposable email addresses. Use them to receive confirmation emails.

Browse sites over SSL

Obviously if you're accessing your bank account over Tor you need to connect using SSL. But what you may not have realized is that many of the other sites you use day-to-day offer SSL versions, which prevents exit nodes from sniffing and interfering with your browsing.

The EFF has released a great Firefox addon, HTTPS Everywhere, at http://www.eff.org/https-everywhere

Note: make sure to double check that even over SSL your browser is still correctly configured to anonymize your browser characteristics.

Take control of your identity

Build new circuits

Are sites loading really slowly? Have you ever anonymously posted your secret furry pron stash, then wanted to log back in with your normal account—without having the same IP address be used to tie the two activities together? Has some tool gotten a particular exit node banned from your favorite site?

Tor automatically and periodically picks out new nodes to build circuits, however sometimes we need to tell Tor that we want entirely new circuits right now. Fortunately, Tor makes this easy:

  • If you are using Vidalia, select "Use a New Identity" from the Control Panel.
  • Alternatively, as long as you have the ControlPort enabled, you can use the venerable command line tool, netcat, to issue the command. First establish the connection:
 $ nc localhost 9051
 authenticate ""
Then whenever you need to build new circuits, issue the command:
 signal newnym
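
The netcat exchange above written as a small client, as an added example that is not part of the original page. `fake_control_port` is a constructed stand-in so the block runs without a Tor process, and all function names are hypothetical; an empty password succeeds only when the control port has no authentication configured, which is what `authenticate ""` relies on.

```python
import socket
import threading

def read_reply(rfile):
    """Read one control-port reply; return (status code, text of its final line)."""
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("control port closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 4 or line[3] == " ":  # "250-..." continues, "250 ..." ends
            return line[:3], line[4:]

def new_identity(host="127.0.0.1", port=9051, password=""):
    """Send AUTHENTICATE, SIGNAL NEWNYM and QUIT; raise if any command is refused."""
    quoted = password.replace("\\", "\\\\").replace('"', '\\"')
    with socket.create_connection((host, port), timeout=10) as sock:
        rfile = sock.makefile("rb")
        for command in ('AUTHENTICATE "%s"' % quoted, "SIGNAL NEWNYM", "QUIT"):
            sock.sendall(command.encode("ascii") + b"\r\n")  # commands end in CRLF
            code, text = read_reply(rfile)
            if code != "250":
                raise PermissionError("%s refused: %s %s" % (command.split()[0], code, text))
    return True

def fake_control_port(password=""):
    """Constructed stand-in for a control port (one connection); returns (port, log)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port, log = listener.getsockname()[1], []
    expected = 'AUTHENTICATE "%s"' % password
    def serve():
        conn, _ = listener.accept()
        with conn, conn.makefile("rb") as rfile:
            for raw in rfile:
                command = raw.decode("ascii").strip()
                log.append(command)
                ok = not command.upper().startswith("AUTHENTICATE") or command == expected
                conn.sendall(b"250 OK\r\n" if ok else b"515 Authentication failed\r\n")
                if not ok or command.upper() == "QUIT":
                    break  # a failed AUTHENTICATE ends the session
        listener.close()
    threading.Thread(target=serve, daemon=True).start()
    return port, log

if __name__ == "__main__":
    demo_port, demo_log = fake_control_port()
    print(new_identity(port=demo_port), demo_log)
```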

Specify your exit node

Another way you can control how your traffic is routed, is to specify which exit node you want to use for a connection. What you need to do is modify the URL you type into whatever application you are using by appending the special form ".<exit node>.exit" to the domain name. So for example, to visit http://www.torproject.org/ from the Swedish exit node cassandra, you would enter http://www.torproject.org.cassandra.exit/. Possible uses include making your connections appear to come from a specific country, and to confine your connections to certain exit nodes that are known to work well with a particular site.

Use a Tor-specific live CD

With the possible exception of swap space, a live CD doesn't leave any traces, and it is auto-configured to use Tor.

  • TAILS - Live CD/USB distribution preconfigured to use Tor safely.
  • Liberté Linux - secure, reliable, lightweight and easy to use Gentoo-based LiveUSB/SD/CD Linux distribution with the primary purpose of enabling anyone to communicate safely and covertly in hostile environments.
  • Privatix - LiveCD/USB. Debian, Tor, z.B. Browser and Torbutton. List of installed packages here.
  • Phantomix - LiveCD. Knoppix, Tor, FireFox and Privoxy. List of installed packages here.
  • Oniondsl - LiveCD. DSL. No list available of packages installed.
  • ROCKate (more info)
  • Anonym.OS - LiveCD, older one, based on OpenBSD

OnionCat Usage Tips

  • Always be mindful that any services on your host bound to :: can be accessed by other users of OnionCat. Either have these services bind to an address in a space other than fd87:d87e:eb43::/48 (the hard-coded default) or to an IPv4 address, or simply plug it with an appropriate set of firewall rules.
  • Consider applying bidirectional rate-limiting mechanisms for ICMPv6 communication on the tunnel interface (in case of an accidental or deliberate surge of echo requests/replies occurring), and plugging any known peer exploits associated with the protocol, if not blocking it altogether.
  • Include every OnionCat address that your host is ever expected to perform name resolution upon in your "hosts" file, to prevent pseudo DNS leaks.
  • Easy ways to prevent other potential leaks are still being investigated at this time.

FAQ

Is RSS running over Tor safe or not?

Does it compromise anonymity somehow? Where I can read more about it? And what do you think about Onionforum RSS service? [1]

The RSS family is more a data format than anything else, but it's pretty much implied that the feeds are published over http/https. As long as your RSS feed reader is set to forward the request including the hostname through Tor via an http proxy (typically Privoxy), you should be fine. My Firefox does seem to honor the proxy settings for downloading RSS feeds, but as always you need to check for yourself if there are any leaks.

Never use RSS with a feed reader that is configured to use Tor at some times and not at others. For example, don't subscribe to feeds in Firefox if you use Torbutton to toggle Tor usage on and off. Otherwise, when Tor is bypassed, your feed reader will go out to fetch the feed in the background and give away your IP.

How do I SSH into a hidden service?

See article Setup Anonymous SSH Via Tor Hidden Services
