[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 04/04/13 13:42, Neil Winchurst wrote: > Even though Linux is supposed to be a bit more secure than Windows I > still look around for anything I can find on the topic of web > security. Today I found a reference to something called Tor. > > http://www.torproject.org > > Has anyone on the list come across it? (I am particularly aiming this > at Bad Apple). If so I would be interested in any comments. Especially > as I seem to be getting more and more rubbish emails recently. > > Regards > > Neil > Why on earth would you suspect that I, of all the fine upstanding citizens of the internet, would know anything about Tor eh Neil? Ok, guilty as charged! Not only do I use Tor, I also run an exit node and have run several others previously. As others have pointed out, Tor is an anonymity tool and not anything else: it certainly won't help you trim down your spam count. It is used when you want your originating IP to be something other than the one that can be trivially traced to your ISP account by the powers that be - obviously this has many uses, some nefarious and some perfectly valid. It is commonly used by: Evil spammers who relay their exit nodes out over Tor (these are mostly blocked by mail admins) Hackers (obviously - the good ones have their own private proxy chains built from compromised hosts as well) Activists (in my opinion the most valid and essential use for the Tor network) Whistleblowers (Bradley Manning should have used Tor, not that it would have ultimately saved him) Downloaders (very handy for accessing thepiratebay.se and other 'banned' sites) Shoppers (the only way to connect to the infamous 'silk road' online drugs supermarket) Personally, I use it for reasons 2 and 5 on the list - as I happen to believe very strongly in freedom of expression and sidestepping censorship on principle I firmly support the Tor initiative as the need for Tibetan, Iranian and oppressed peoples all over the world to communicate freely is critical (much more important than my 'need' to access the Pirate Bay for example). Certainly and inevitably, some people do abuse the Tor service but it is an increasingly vital player in a depressingly segmented and balkanised internet. Some notes: if you're going to use it, get the up to date versions from https://www.torproject.org as the versions in the repos are out of date. On windows, just grab the Tor browser bundle. On Linux, use a secondary browser and set it (I happen to use Chromium locked in private mode) permanently to your internal Tor proxy - don't forget that virtually any program can be routed over Tor using a 'socks-ifier' such as tsocks. If you're serious about anonymity, do *NOT* use your normal browser - such as Firefox with an extension to switch between proxy settings (like Torbutton, FoxyProxy) as your browser can be independently finger-printed at the other end, somewhat defeating the object. Used correctly, Tor provides very strong anonymity - even though it's commonly known that several (perhaps even the majority) of Tor exit nodes are run by and monitored by intelligence agencies, short of 'black boxing', a theoretical attack where government agencies with nearly unlimited access to computing power and the telecoms infrastructure compare *all* ingress and egress points across a given area to match a specific connection by timing signatures - so unless you are doing something unbelievably naughty it's highly dependable to keep you out of trouble. Similar but different technologies include i2p and Freenet, both easily found on the internet. i2p sadly is a java app and thus sucks quite a lot. Cheers -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq