Tor

Tor (/tɔɹ/, previously an acronym for The Onion Router) is a space within the normal Internet where all users can remain anonymous, activities can remain untraceable, and its resources can remain hidden from the rest of the Internet. If you are reading this page, you are probably using the Tor network.

Technically, Tor is free software for enabling online anonymity and censorship resistance. This software directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis.

Using Tor makes it more difficult to trace Internet activity, including "visits to Web sites, online posts, instant messages, and other communication forms", back to the user and is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential business by keeping their internet activities from being monitored.

How to use

Linux

Download tor-browser-linux64-7.5.6_en-US.tar.xz from https://www.torproject.org/download/download-easy.html.en and extract the file.

In terminal, type

cd tor-browser_en-US/
./start-tor-browser.desktop

then it starts. It doesn't need to be installed.

Tor Security

Check that Tor is working

• Are you using Tor? (SSL) - checks IP address
• TorCheck (SSL) - checks several browser settings
• TorStatus - Tor Network Status
  • blutmagie (SSL) - original site
  • all.de (SSL) - mirror
  • MagratheaMajor (SSL) - mirror
  • cyberphunk) - mirror
  • reuckgr.at (SSL) - mirror
  • hermetix - mirror
• showmyip.com (SSL) - Tor-aware and shows detailed information about your exit-node's IP address

Check your anonymity

These websites test for a large number of potentially identifying characteristics and then report their findings to you. Some even use exploits to try to determine your real IP address.

• Metasploit Decloaking Engine - Attempts to find your IP address with client-side vulnerabilities.
• JonDos Anonymity Test (SSL), redirect (SSL), redirect - Shows your HTTP headers as well as your configuration using Java and Javascript.
• Deanonymizer - Shows weaknesses in security, privacy, and anonymity implementations with your web browser (DOWN?).
• Panopticlick (SSL) - rates the rareness of your configuration based on their statistics
• BrowserSpy.dk - has a large number of individual tests

User agent

A web browser's user agent can sometimes identify a user. By the same token, a changed user agent can also identify a user, particularly when that change is inconsistent with that browser's behavior. Torbutton is a Firefox add-on that in addition to mitigating a number of anonymity risks sets the user agent so that all Torbutton users share the same user agent. See the following links for more information on user agents.

• UserAgentString.com - shows and explains your user agent
• How To Change User Agent String
• User-Agents.org - a searchable database of user agents

See browser security for more on the subject.

Tor Usage Tips

Use a Google proxy

For IPs issuing a large volume of queries (pretty much any Tor exit node), Google either blocks access outright or requires CAPTCHA + cookies. This is both annoying and bad for privacy. To get around this, search Google using one of the proxies available:

• https://ssl.scroogle.org/
• http://www.blackboxsearch.com/index.php
• http://blackle.com/

Let your computer retry .onion sites for you

Have you ever tried to visit an .onion site that you know is up, but the connection still times out on the first or second attempt? So you have to sit there and manually command your browser to refresh the page until it finally loads? Yeah that's a pain.

If you're using Privoxy as your http proxy, you can tell it to automatically retry connecting to .onion sites for you by adding the following directive to the config file (e.g. /etc/privoxy/config):

 forwarded-connect-retries 10

The number "10" is only a suggested value. Make it whatever makes sense for you.

If you're using firefox, the Try again extension can do a similar thing inside the browser.

Still having trouble with connectivity? Try building new circuits.

Bypass website registration

First see if someone has already created a publicly shared account on BugMeNot. There used to be a hidden service named BugMeNotRevolution for the same purpose; somebody should recreate it.

Creating one-off email accounts through Gmail, etc. is a pain. Several websites offer disposable email addresses. Use them to receive confirmation emails.

Browse sites over SSL

Obviously if you're accessing your bank account over Tor you need to connect using SSL. But what you may not have realized is that many of the other sites you use day-to-day offer SSL versions, which prevents exit nodes from sniffing and interfering with your browsing.

The EFF has released a great Firefox addon, HTTPS Everywhere, at http://www.eff.org/https-everywhere

• https://mail.google.com/mail/
• https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page

Note: make sure to double check that even over SSL your browser is still correctly configured to anonymize your browser characteristics.

Take control of your identity

Build new circuits

Are sites loading really slowly? Have you ever anonymously posted your secret furry pron stash, then wanted to log back in with your normal account—without having the same IP address be used to tie the two activities together? Has some tool gotten a particular exit node banned from your favorite site?

Tor automatically and periodically picks out new nodes to build circuits, however sometimes we need to tell Tor that we want entirely new circuits right now. Fortunately, Tor makes this easy:

• If you are using Vidalia, select "Use a New Identity" from the Control Panel.

• Alternatively, as long as you have the ControlPort enabled, you can use the venerable command line tool, netcat, to issue the command. First establish the connection:

 $ nc localhost 9051
 authenticate ""

Then whenever you need to build new circuits, issue the command:

 signal newnym

Specify your exit node

Another way you can control how your traffic is routed, is to specify which exit node you want to use for a connection. What you need to do is modify the URL you type into whatever application you are using by appending the special form ".<exit node>.exit" to the domain name. So for example, to visit http://www.torproject.org/ from the Swedish exit node cassandra, you would enter http://www.torproject.org.cassandra.exit/. Possible uses include making your connections appear to come from a specific country, and to confine your connections to certain exit nodes that are known to work well with a particular site.

Use a Tor-specific live CD

With the possible exception of swap space, doesn't leave any traces and is auto-configured to use Tor.

• TAILS - Live CD/USB distribution preconfigured to use Tor safely.
• Liberté Linux - secure, reliable, lightweight and easy to use Gentoo-based LiveUSB/SD/CD Linux distribution with the primary purpose of enabling anyone to communicate safely and covertly in hostile environments.
• Privatix - LiveCD/USB. Debian, Tor, z.B. Browser and Torbutton. List of installed packages here.
• Phantomix - LiveCD. Knoppix, Tor, FireFox and Privoxy. List of installed packages here.
• Oniondsl - LiveCD. DSL. No list available of packages installed.
• ROCKate (more info)
• Anonym.OS - LiveCD, older one, based on OpenBSD

OnionCat Usage Tips

• Always be mindful that any services on your host bound to :: can be accessed by other users of OnionCat. Either have these services bind to an address in a space other than fd87:d87e:eb43::/48 (the hard-coded default) or to an IPv4 address, or simply plug it with an appropriate set of firewall rules.
• Consider applying bidirectional rate-limiting mechanisms for ICMPv6 communication on the tunnel interface (in case of an accidental or deliberate surge of echo requests/replies occurring), and plugging any known peer exploits associated with the protocol, if not blocking it altogether.
• Include every OnionCat address that your host is ever expected to perform name resolution upon in your "hosts" file, to prevent pseudo DNS leaks.
• Easy ways to prevent other potential leaks are still being investigated at this time.

FAQ

Is RSS running over Tor safe or not?

Does it compromise anonymity somehow? Where I can read more about it? And what do you think about Onionforum RSS service? [1]

The RSS family is more a data format than anything else, but it's pretty much implied that the feeds are published over http/https. As long as your RSS feed reader is set to forward the request including the hostname through Tor via an http proxy (typically Privoxy), you should be fine. My Firefox does seem to honor the proxy settings for downloading RSS feeds, but as always you need to check for yourself if there are any leaks.

Never use RSS with a feed reader that is configured to use Tor at some times and not at others. For example, don't subscribe to feeds in Firefox if you use Torbutton to toggle Tor usage on and off. Otherwise, when Tor is bypassed, your feed reader will go out to fetch the feed in the background and give away your IP.

How do I SSH into a hidden service?

See article Setup Anonymous SSH Via Tor Hidden Services

How do I SSH into a hidden service?

See article Setup Anonymous SSH Via Tor Hidden Services