Friday, February 26, 2016

TOR... what is it? Questions from the Inbox

You have questions ... we try to answer!

T O R has been in the news quite a bit lately, so we answer a Reader's inquiry about what it all means...



What is T O R?

T O R is the acronym for "The Onion Router". TOR was developed as a network of volunteer-operated servers connected by "virtual tunnels" to enable enhanced privacy, and it is a backbone of what is called the "Deep Web". TOR is popular with journalists, dissidents and others who may have an interest in not coming under scrutiny. Indymedia and the Electronic Frontier Foundation endorse it.


Some sophisticated businesses use this method to prevent competitors from gaining insight into their routines. The U.S. Navy uses it for OSINT (open source intelligence) gathering (this means making the searching non-attributable: the enemy has no idea what you are looking for, or that you are even looking)... The State Department funds it and uses it in connection with its "color revolution" schemes. Read about the ideas behind that in Gene Sharp's work at http://www.aeinstein.org/ .


The picture above was found on https://twitter.com/thegrugq, where it is a mesmerizing video file.  This shows an abstraction of actual TOR traffic.  You can access it via https://torflow.uncharted.software/ and play with it.  Try zooming in.  There is an inexplicable node/relay in West Africa that is fascinating.  What is surprising is the relative lack of traffic in America... I would have thought it would be much denser there.  Germany, Paris, Netherlands, London make for a very dense collection of traffic.


Now that I have roughly explained a few pertinent facts about TOR, you are probably wondering, "how do I get some of that?". Well, it depends. For the tech savvy, it is quite easy to download a copy and check it. There is a bit more to it than that, so I suggest that you go to https://www.torproject.org/about/overview or to https://tails.boum.org/ to get started. Tails is a complete operating system that uses T O R and that you place on a USB drive. That USB drive then plugs into ANY computer (it must have a USB port) and you can run TAILS regardless of the operating system installed on that computer.

In my experience, it runs web searches notably slower than your typical setup. Understanding that this concept uses many nodes to bounce your packets off of, be happy that it does not take longer! Just consider the technical achievement that this represents, and you will not be too worried about blazing speed. Think dial-up speed. TAILS has a number of built-in utilities, like Iceweasel as a browser and PIDGIN messenger. You can even set up the desktop to look like a Windows system to keep curious shoulder surfers at bay. You can do a lot with this; it all depends on the tradeoffs that you are willing to make... speed, or security? That USB drive can be carried with you anywhere, btw.



How secure IS TOR? Well, the Dept. of State has its operatives using it in areas that probably would be unhealthy to get caught in. Making those sorts of technical assessments is not my line, but Bruce Schneier has spoken on this topic. The security depends on just who you realistically think is trying to get into your comms. Remember, anything is eventually gettable. I speak of this tool as a means to better protect yourself against criminal activity and some higher level adversaries... nothing is ever 100%.



It has been rumored since 2014 that the perceived anonymity of TOR had been compromised, but this was only just recently confirmed with the FBI indictment of Silk Road activist Brian Farrell.  Computer science teams from Carnegie Mellon University, funded by the Department of Defense, were able to successfully hack TOR, a position Carnegie Mellon initially tried to deny.

Here is a DEFCON video on how people have misused TOR; it provides more background on how the system works and its vulnerabilities.




At this point, it appears that TOR remains vulnerable only to state-level inquisitors.  If you are still interested in exploring TOR, here is a tutorial on how to do your setup.





Further research, you can do yourselves.  It is how you learn.  You are responsible for how you use this information, and good luck to you on your learning journey!




These are some additional links that you may find of use if you are reading this article:

https://trac.torproject.org/projects/tor/wiki

http://www.techrepublic.com/blog/it-security/everything-you-need-to-know-about-using-tor/

http://www.wikihow.com/Bypass-an-Internet-Filter-With-Tor

https://popehat.com/free-speech-resources/

http://motherboard.vice.com/read/why-a-law-firm-is-baiting-cops-with-a-tor-server


2 comments:

AC said...

Easiest path to using TOR:

https://tails.boum.org/

Tails is based on Debian Linux. Keep it updated.

YTZ4Mee said...

Hi,
Thanks so much for dropping by. The boum link was already in the body of the article.
Agreed it's always important to run the most current version of any software.