Difference between revisions of "How to Tor"
Jump to navigation
Jump to search
(Created page with "#Why are people interested in Tor?# *Foreign and feeling very surveilled *Want to keep public internet presence separate from private *Just interested *Sensitive advocacy...") |
|||
| Line 1: | Line 1: | ||
| − | + | =Why are people interested in Tor?= | |
*Foreign and feeling very surveilled | *Foreign and feeling very surveilled | ||
| Line 11: | Line 11: | ||
*Learn more about possible practical use cases | *Learn more about possible practical use cases | ||
| − | + | =Why should we care about privacy?= | |
*What do we mean by our “fingerprint”? Why should we care? | *What do we mean by our “fingerprint”? Why should we care? | ||
| Line 21: | Line 21: | ||
*You can be profiled and lumped into groups | *You can be profiled and lumped into groups | ||
| − | + | =Explanation= | |
*The basic digital identifier we’re concerned about today is your IP address | *The basic digital identifier we’re concerned about today is your IP address | ||
| Line 34: | Line 34: | ||
*Tor: The Onion Router | *Tor: The Onion Router | ||
| − | |||
**Metaphor of the layered onion to describe layers of encryption | **Metaphor of the layered onion to describe layers of encryption | ||
| − | |||
**Alice wants to send a message to Bob | **Alice wants to send a message to Bob | ||
| − | |||
***Alice sends a request to the Tor directory (also the weak link) | ***Alice sends a request to the Tor directory (also the weak link) | ||
| − | |||
***Tor directory returns a list of “relay node” servers capable of relaying encrypted messages to other relay nodes in the Tor network | ***Tor directory returns a list of “relay node” servers capable of relaying encrypted messages to other relay nodes in the Tor network | ||
| − | |||
***Given the addresses returned from the Tor directory, Alice’s computer chooses a random path through N relay nodes, to an “exit node” then finally out of the Tor network to Bob | ***Given the addresses returned from the Tor directory, Alice’s computer chooses a random path through N relay nodes, to an “exit node” then finally out of the Tor network to Bob | ||
| − | |||
***Alice encrypts the information n times (n = number of nodes) | ***Alice encrypts the information n times (n = number of nodes) | ||
| − | |||
***Each node knows | ***Each node knows | ||
***Where the packet came from | ***Where the packet came from | ||
***Where the packet is going | ***Where the packet is going | ||
***How to decrypt its one layer | ***How to decrypt its one layer | ||
| − | |||
***The last node (exit node) knows the IP address of the target end point | ***The last node (exit node) knows the IP address of the target end point | ||
| − | |||
*Any UNIX-like system: `torify ssh [i.p.]` will torify your connection and show you connecting from a random IP address | *Any UNIX-like system: `torify ssh [i.p.]` will torify your connection and show you connecting from a random IP address | ||
| − | + | =Installating the Tor Browser= | |
*Open your favorite browser | *Open your favorite browser | ||
| − | |||
*Search for Tor (duckduckgo!) | *Search for Tor (duckduckgo!) | ||
| − | |||
*Downloading Tor will sometimes give you a pgp key to verify the authenticity of the download | *Downloading Tor will sometimes give you a pgp key to verify the authenticity of the download | ||
| − | |||
*“GPG tools” is a thin wrapper for pgp tools: https://gpgtools.org | *“GPG tools” is a thin wrapper for pgp tools: https://gpgtools.org | ||
*Drag Tor into your apps folder | *Drag Tor into your apps folder | ||
| − | |||
*Choose whether you need to configure a Tor bridge node or not | *Choose whether you need to configure a Tor bridge node or not | ||
| − | |||
*“Which of the following best describes your situation?” | *“Which of the following best describes your situation?” | ||
| − | |||
*I would like to make a direct connection to the Tor network | *I would like to make a direct connection to the Tor network | ||
| − | |||
*My connection is censored or proxied. I need to configure bridge or local proxy settings before | *My connection is censored or proxied. I need to configure bridge or local proxy settings before | ||
| − | |||
*Option 1 works for mostly free internet; option 2 is for more highly censored connections | *Option 1 works for mostly free internet; option 2 is for more highly censored connections | ||
| − | |||
*We pick the first option because we have pretty good, clean internet | *We pick the first option because we have pretty good, clean internet | ||
| − | + | =Now let’s use it!= | |
*Can visit regular websites with your IP address obscured | *Can visit regular websites with your IP address obscured | ||
| − | |||
*Can also visit .onion sites that are inaccessible through normal browsers | *Can also visit .onion sites that are inaccessible through normal browsers | ||
| − | |||
*E.g. https://www.nytimes3xbfgragh.onion/ | *E.g. https://www.nytimes3xbfgragh.onion/ | ||
| − | + | =Miscellany= | |
*Examples of VPNs | *Examples of VPNs | ||
| − | |||
**Bitmask (https://bitmask.net): VPN and email service run by trustworthy folks at Riseup/LEAP | **Bitmask (https://bitmask.net): VPN and email service run by trustworthy folks at Riseup/LEAP | ||
| − | |||
**AirVPN (https://airvpn.org/): activist affiliated VPN clicent with strong Linux support, rich directory of non-US proxy servers | **AirVPN (https://airvpn.org/): activist affiliated VPN clicent with strong Linux support, rich directory of non-US proxy servers | ||
| − | |||
**Private Internet Access – PIA (https://www.privateinternetaccess.com/) technically sound commercial VPN with lots of non-US proxy options and strong cross-platform support | **Private Internet Access – PIA (https://www.privateinternetaccess.com/) technically sound commercial VPN with lots of non-US proxy options and strong cross-platform support | ||
| − | |||
**TunnelBear (https://www.tunnelbear.com/) very user-friendly commercial VPN service with good Mac support | **TunnelBear (https://www.tunnelbear.com/) very user-friendly commercial VPN service with good Mac support | ||
*Note: VPN vs. proxy: proxy has 2 meanings | *Note: VPN vs. proxy: proxy has 2 meanings | ||
| − | |||
*When we talked about VPNs, we really meant proxies | *When we talked about VPNs, we really meant proxies | ||
| − | |||
*2ndary (older-school original) meaning is the way to remotely connect to intranets | *2ndary (older-school original) meaning is the way to remotely connect to intranets | ||
Latest revision as of 22:35, 28 November 2017
Why are people interested in Tor?
- Foreign and feeling very surveilled
- Want to keep public internet presence separate from private
- Just interested
- Sensitive advocacy
- Learn more about possible practical use cases
Why should we care about privacy?
- What do we mean by our “fingerprint”? Why should we care?
- I just get paranoid; want to be able to keep some data private
- Your behavior can be analyzed
- You can be profiled and lumped into groups
Explanation
- The basic digital identifier we’re concerned about today is your IP address
- Internet runs on a request/response cycle
- Assume all the space between our computer and our target server is hostile
- E.g. infrastructure could be run by AT&T (spied on by the NSA)
- Need to assume both the 1) address and 2) the content of the message are sensitive and need to be protected
- Tor: The Onion Router
- Metaphor of the layered onion to describe layers of encryption
- Alice wants to send a message to Bob
- Alice sends a request to the Tor directory (also the weak link)
- Tor directory returns a list of “relay node” servers capable of relaying encrypted messages to other relay nodes in the Tor network
- Given the addresses returned from the Tor directory, Alice’s computer chooses a random path through N relay nodes, to an “exit node” then finally out of the Tor network to Bob
- Alice encrypts the information n times (n = number of nodes)
- Each node knows
- Where the packet came from
- Where the packet is going
- How to decrypt its one layer
- The last node (exit node) knows the IP address of the target end point
- Any UNIX-like system: `torify ssh [i.p.]` will torify your connection and show you connecting from a random IP address
Installating the Tor Browser
- Open your favorite browser
- Search for Tor (duckduckgo!)
- Downloading Tor will sometimes give you a pgp key to verify the authenticity of the download
- “GPG tools” is a thin wrapper for pgp tools: https://gpgtools.org
- Drag Tor into your apps folder
- Choose whether you need to configure a Tor bridge node or not
- “Which of the following best describes your situation?”
- I would like to make a direct connection to the Tor network
- My connection is censored or proxied. I need to configure bridge or local proxy settings before
- Option 1 works for mostly free internet; option 2 is for more highly censored connections
- We pick the first option because we have pretty good, clean internet
Now let’s use it!
- Can visit regular websites with your IP address obscured
- Can also visit .onion sites that are inaccessible through normal browsers
- E.g. https://www.nytimes3xbfgragh.onion/
Miscellany
- Examples of VPNs
- Bitmask (https://bitmask.net): VPN and email service run by trustworthy folks at Riseup/LEAP
- AirVPN (https://airvpn.org/): activist affiliated VPN clicent with strong Linux support, rich directory of non-US proxy servers
- Private Internet Access – PIA (https://www.privateinternetaccess.com/) technically sound commercial VPN with lots of non-US proxy options and strong cross-platform support
- TunnelBear (https://www.tunnelbear.com/) very user-friendly commercial VPN service with good Mac support
- Note: VPN vs. proxy: proxy has 2 meanings
- When we talked about VPNs, we really meant proxies
- 2ndary (older-school original) meaning is the way to remotely connect to intranets