Seems like every couple of months, a major security breach story hits the news — and I don’t mean thieves cracking into Sony’s account servers; I mean the police breaking down some dissident’s door in a political trouble-spot, or even companies like Apple and Google tracking everything you do without your knowledge. Want to throw a wrench in attempts to track your online life? Have a look at Tor.
Simply logging out of pervasive Web services like Google and Facebook isn’t sufficient to protect your anonymity online, however. Annoying advertisers, crooks, and Big Brother can still track you through cookies, JavaScript tricks, and straight-up IP address logging — at least, if you’re using a run-of-the-mill Web browser. That’s what Tor can help you out with: Tor is a virtual network that funnels your HTTP traffic through an encrypted, distributed network of volunteer-run nodes. Your page requests enter the Tor cloud cloaked in SSL encryption, so no one monitoring you can track your activity, and they come out at a random endpoint that cannot be connected back to you.
There are a lot of people on the Internet for whom this is critical functionality. Anyone living in — or visiting — a country where the state monitors communications might need to keep prying eyes away from his or her online message board visits. People facing threats or harassment and employees in danger of reprisals need to protect themselves. Companies may need to keep the locations of their remote workers secret (which a VPN alone cannot do) or browse the competition’s Web site without being noticed. And the general browsing public may need to simply get away from the constant profiling and tracking by commercial companies.
Tor has its origins in a US Navy research project, designed to keep classified communication channels secure. At one point, the name was an acronym for The Onion Router, which helps most people understand how it functions. Requests from the browser (or other service; Tor works with chat, IM, and other applications as well) take a randomly-selected path between Tor nodes, each step of which is encrypted. Because there are multiple layers or encrypted forwarding (there’s the onion metaphor), it is impossible to associate any single hop with any originating request. Also akin to the metaphorical onion, each layer is completely separate from those on either side of it: a Tor node doesn’t know where a request it is funneling came from, or where it will ultimately arrive.
Of course, Tor only masks the origin and endpoint of the HTTP request: the contents of the request could very well reveal your identity to the site you are reading or to an eavesdropper on the site’s end of the connection. Imagine, for example, that you use Tor to log in to a persistent service like Gmail: someone snooping on your Wi-Fi access point might not be able to tell that you’ve logged in, but if they know you they could still see you appear as “online” in Google Chat. What’s far worse is that JavaScript apps can undermine your privacy by caching trackable info to send when you’re not looking, and interactive plug-ins like Java and Flash initiate their own connections, bypassing the user’s control altogether. So getting the most out of Tor isn’t exactly trivial, but it is still easily doable.
The Full Onion
The Tor network is meant to be accessed with a proxy server, a utility that client apps such as the browser connect to instead of sending requests directly to the Internet. Companies often use proxy servers to enable Internet traffic from within an office facility, to aid in firewalling or simply to cache content for reduced bandwidth costs. Firefox and most other Web browsers are therefore already able to use a proxy server out-of-the-box — Tor simply makes use of one that connects to its anonymizing network, rather than some generic portal.
The Tor project’s current browsing solution includes the Tor executable (which is responsible for finding Tor relays and maintaining your connection to them), a lightweight proxy called Polipo, and a Firefox browser extension called Torbutton. Torbutton enables you to switch Firefox from “Tor mode” to “open browsing mode” with a single click. For home usage, this is generally the most convenient option. Polipo can run silently in the background, not consuming any resources while you remain in open browsing mode. Whenever you activate Torbutton, however, the extension starts directing page requests to Polipo, which in turn sends them through the Tor network, securely.
To get started, you’ll need to download the latest packages from the project. Tor’s authors highly recommend that you use their packages only, not those provided by the distributions — because security updates are much slower to propagate through the distros’ packaging services. There are Debian, RPM, Gentoo, and BSD-style packages provided, and installation instructions for running the tor
daemon itself and Polipo. Neither needs much configuration. You can get the Torbutton extension from the Tor download page or through Mozilla’s add-ons site. Finally, visit the Tor Detector to see if your installation is working correctly — after you’ve switched Torbutton on, of course.
One-click anonymity? It sounds too good to be true: and indeed there is a catch. Because the Web these days has so many loopholes and sneaky security risks (such as the JavaScript and plug-in vulnerabilities mentioned above), activating Torbutton also triggers some other browser changes: disabling JavaScript, turning off saved form auto-completion, and a handful of other security measures.
If you’re an add-ons junkie, the safest thing you can do is run Firefox in “safe mode” by launching it with firefox -safe-mode
. This turns off extensions, which is an anonymity-protecting step because many of them secretly send data about your session to third-party services. The canonical examples are StumbleUpon and other “social bookmarking” tools; they send personally-identifiable information about your browsing session to the home server.
The Tor project recommends you simply don’t install them at all, and consider some other privacy-protecting extensions instead, such as RefControl, SafeCache, NoScript, and AdBlock Plus. In short, it’s a lot of work keeping private on the World Wide Web: either you only do it occasionally (with Torbutton on and extensions turned off) or you change your browsing habits, bolting on a suite of privacy armored extensions for everyday use and waving goodbye to the available-everywhere glow of social media.
The Simpler Option
A big part of this complexity isn’t Tor’s fault at all: it’s weird little bugs in Firefox. That’s why the Tor project recently announced its decision to phase out Torbutton, and instead maintain its own fork of Firefox, patched for security and integrated with Tor utilities. The project will send its patches upstream; the point is only to provide an easier-to-configure browsing option with fewer pieces to juggle.
The result is what you get with the Tor Browser (or Tor Browser Bundle, depending on where you look), which is a “portable app”-style package available for Linux, Windows, and Mac OS X. You can download a copy for use on your own machines, plus a copy (or perhaps all three) to a USB key for use when traveling. Each is roughly 63MB and change to download.
The self-contained nature of the Tor Browser Bundle makes installation easier. Just download, unpack, and run. On Linux, your download will be a folder named tor-browser_en-US by default (depending on what other language packs the project makes available — right now there are twelve). Inside, launch the browser with ./start-tor-browser &
. The Tor control panel “Vidalia” will pop up to keep you informed on the network’s status, and the browser will launch just like any other Firefox build. The “Tor Enabled” button from the Torbutton extension will show you that you are properly anonymized. Bring up the browser’s Add-ons control panel, and you’ll see a handful of other privacy-enhancing extensions, such as Better Privacy, NoScript, and HTTPS-Everywhere.
The latest release for Linux includes both 32-bit and 64-bit self-contained apps, and there are packages built on Firefox 3.6, and packages built on top of Firefox 4. The Firefox 4 based builds are considered alpha-quality, however, so don’t rely on them for real-world whistleblowing or civil disobedience. On the plus side, the Firefox 4 builds do support HTML5 <video> elements, which means you can watch YouTube videos even though Flash is not installed (try not to do too much of that if you don’t have to, though — the rest of the Tor network would appreciate it).
What will be more interesting than Firefox 4 support in the long run are the Tor Browser options for mobile devices. Mozilla is building Firefox For Mobile targeting the Android and Maemo/MeeGo handset platforms, and the Tor project hasn’t left those users out in the cold, either. There is even a Tor package for the iPhone/iPad browser (utilizing the standard proxy method rather than a Tor Browser Bundle, due to Apple’s refusal to allow third-party browsers). When mobile browsing, you are usually entirely at the mercy of the network provider, of which there are few to choose from, so having anonymity is extra important.
Honestly, once you have tried the Tor Browser Bundle, you are liable to ask why you ever bothered with the Torbutton jumping-through-hoops process. It is dead simple, and fast. You can continue to browse normally in Firefox or your other browser of choice, and fire up the Tor Browser when you need to access sensitive content.
Let’s Kick it Up a Notch
In addition to the reduced functionality that avoiding social media sites and Flash brings, the big caveat of Tor browsing is that, theoretically, you browse at a slower speed because your requests take more hops to get to their destination server. Whether or not this is noticeable depends largely on your network connection.
But if you do feel the lag when using Tor, the best thing you can do to speed it up is join the Tor network itself by running the Tor relay software. It’s true, you alone acting as a relay won’t speed up your own browsing session, but if you and one other person do, then the network will speed up for both of you.
To do so, you’ll want to download the permanent, non “Browser Bundle” version of Tor and Vidalia from the downloads page. The relay configuration instructions are simple enough: you can simply choose “Relay traffic for the Tor network” in Vidalia’s settings. However, you can also configure bandwidth-limiting and “exit policies” (to restrict your relay from connecting to sites that will get you in trouble with your ISP) if you want to.
Even if you can’t run a relay all the time, helping out periodically is still a good thing — even if no one knows it’s you when you do it.