Truly Anonymous Internet surfing with Tor (https://www.torproject.org)

how use it on internet ? i don't see where's download

rawblog said:

how use it on internet ? i don't see where's download

Click to expand...

As you normally only browse the Internet using TOR the Tor Browser should be the easiest way.
https://www.torproject.org/projects/torbrowser.html.en
But I have to admit that I haven't used TOR until know.

Recently I got interested in it because you can run an anonymous web service:
https://www.torproject.org/docs/tor-hidden-service.html.en
Anyone tried that yet? I read a few documents about TOR (e.g. https://www.torproject.org/docs/hidden-services.html.en), but still I'm not convinced that it is really anonymous. At least the computers your "hidden service" is connected to know your IP address. How can you make sure that they are not the problem? I mean if e.g. the NSA owns one of the introduction points or the rendezvous point? Or did I misunderstood something?
If I get it right I simply install the TOR client on - let's say - an Ubuntu machine (which can be a VM). Then I install a web server on the same machine which listens only to 127.0.0.1:80. It shouldn't return any information in the error pages as well as in the HTTP response header. Then I configure TOR telling it where my "hidden service" is located. And that's it? This way I will have an anonymous web service? And I even get a hostname (e.g. duskgytldkxiuqc6.onion) which others can use to access it?

I'm sorry about all these questions. Before I only tried Freenet and it was really awful. And beside that I don't have much experience.

About the JavaScript issue I found the following entry in the FAQ:
https://www.torproject.org/docs/faq#TBBJavaScriptEnabled

I don't know a lot about the hidden services. They do have blog with all sorts of useful info (https://blog.torproject.org/blog/) so I would assume that there may be an answer for you there.....somewhere. I have used the hidden services before but they tend to be somewhat slow, speed is not something TOR is famous for. They are a lot faster than in years past though. What I would suggest perusing is their sales pitch page (a bit of an oxymoron there as TOR is a free service), which is full of fun facts for first time readers:

https://www.torproject.org/about/overview.html.en

Hm, okay, I read that "sales pitch page" before. But it contains only a brief overview.
Yes, I can imagine that it isn't very fast. But that is the not the main point about such a software, right? As long as it isn't slower as Freenet, it is okay.
It's interesting that TOR is some kind of SOCKS proxy. And you can have your own "domain" (the hostname) as well as your own service. You can't do that with Freenet. You can create some kind of site consisting of documents and other resources. But it's all a little bit complicated and very v-e-r-y slow. And interactive content is not possible at all. By "interactive content" I don't mean JavaScript or Flash, but that you can have content that changes dynamically or some kind of forms or something like that which can be used to transmit data.

I like that the US Navy still uses it, which says a whole fucking lot. I used SOCKS proxies before TOR. They were a pain in the butt to find but they were the most secure proxy available. TOR is a layer or chain of SOCKS proxies which is why it is also known as The Onion Router.

i thought SOCKS was fundamentally a transparent process (ie it doesnt modify headers etc).
and isnt The Onion Router given its name because of the 'wrapping' (the layer of encryption) that is added at each hop? the wrapping/unwrapping process is like peeling an onion. packet headers are added along with a layer of encryption with each hop so that the receiving router only knows the address of the router it came from (and vice-versa). the process is carried out in a chain which facilitates anonymity.

Maybe Ceewan used SOCKS proxies which also acted as anonymizer. And as far as I understand SOCKS it receives the TCP / UDP packets and sends its content using TCP / UDP to the other side. But it doesn't simply forward the packets, it repacks their content in packets which have the SOCKS proxy as sender. So your IP address is not visible.

Yes, TOR wrappes the content into packets which are encrypted. But the introduction points (the point which are used by the client to enter the TOR network and the point at which the packets leave the TOR network) can see the content if it isn't encrypted (e.g. normal HTTP access). That's why the TOR people recommend to use HTTPS or other encrypted connections.

Actually Onion Routing is a combination of multiple nodes and repeated encryption. No need to be nitpicking about it though.

The TOR browser comes with the add-on HTTPS-everywhere which will atempt to always connect via Https. However for the most part all someone can do is see where you are connecting to on your first hop. It would take some effort to actually snoop on what request you sent to the entry node. Regardless it is a moot point since TOR browser connects to entry nodes via Https by default.

You are right about SOCKS proxies. Back in the day, before TOR, they were considered the best (and usually fastest) option for privacy. I am not much of a tech but I know what I am talking about when it comes to proxies. I actually had a hard time breaking away from using IE as a browser because it was the only one that allowed you to set up a proxy chain (three different proxy connections) which is as about secure as you get if setup properly (each proxy anonymous, in a different country and https compatable). But proxy chains are a pain in the ass to keep working using public proxies and TOR does all the work for you without mistakes.

https://en.wikipedia.org/wiki/SOCKS

Today I read that the headline "FBI: Stealth browser TOR is not safe" and was a little bit shocked. It seems that "The Silk Road" - a platform for trading everything was located by the FBI (means the server) also the plattform uses TOR. And that headline is totally misleading. In this case it seems not the browser was the problem, but the server - or to be more precise: the hidden service. The programmer who set up the platform made a mistake. And thanks to that they were able to determine the real IP of the server and to sue the programmer. The browser was never the problem.
So it is the typical story: Someone made a mistake using, so the whole product is at faulty. Nice, nice...

Ah, I forgot, here is a blog entry about it: https://www.nikcub.com/posts/analyzing-fbi-explanation-silk-road/

see "Tor and Operation Onymous" https://blog.torproject.org

No one knows (so far) how they were able to locate the server.

Actually I had heard a rumor about that awhile ago, way before Operation Onymous. It was said that an operator of one of the hidden services had been under investigation and that he was busted via an unsecure email link he used on the site. Because of this a lot of Hidden Tor Websites went down. It could be something along the same lines or actually inconjunction with this earlier arrest. The police can be very patient and determined, it is not unknown for them to spend years on something like this. You would think they are chasing a fucking serial killer like on tv.

I never used Silkroad but I respected them.

https://en.wikipedia.org/wiki/Operation_Onymous

As just said the technique used to find the locality of the server remains unkwown, but once they got it, it was very easy to find who was behind because those guys were using a Gmail account linking to them (and other stupid mistakes)

If it is about that Silkroad thing: I read some articles about it. It seems that they used some CAPTCHA when you registered a new user. And that CAPTCHA thing was pointing to the public real address of server.
What do we learn from that? 1.) Work thoroughly. 2) Never give your hidden service server a public address and also don't set-up a port forwarding to. This way you will recognize your mistake when you test your own site because these links won't work then.

The CAPTCHA method does not appear in the official document, so one wanders who propagated this rumor (but I saw it just like you ), the usual “he says, she says”

May be SR version 5.6.b will be the good one , although I don't smoke or take shits, so don't need it.

There are a fair share of hackers who occasionally use Tor (I used to know a few of them) and while they couldn't do the "magical instant hacks" you see on tv, they still could get into some amazing places....and take you with them. So it is very possible that this speculation is just a spot on analysis from someone(s) who knew about the weakness in the first place. A hacker would not warn his prey because it would ruin his fun....or whatever else he had going on.

There is just an article about "Traffic correlation using netflows" on their blog

https://blog.torproject.org

Just an example of of them theorizing and continuing their research, this is kind of what some of them do with their "spare" time. These guys are hardcore. Basically it is nothing to be concerned about IMO. Thx for the share though, it made for interesting reading.