Why are people interested in Tor?

• Foreign and feeling very surveilled

• Want to keep public internet presence separate from private

• Just interested

• Sensitive advocacy

• Learn more about possible practical use cases

Why should we care about privacy?

• What do we mean by our “fingerprint”? Why should we care?

• I just get paranoid; want to be able to keep some data private

• Your behavior can be analyzed

• You can be profiled and lumped into groups

Explanation

• The basic digital identifier we’re concerned about today is your IP address

• Internet runs on a request/response cycle

• Assume all the space between our computer and our target server is hostile

• E.g. infrastructure could be run by AT&T (spied on by the NSA)

• Need to assume both the 1) address and 2) the content of the message are sensitive and need to be protected

• Tor: The Onion Router
  • Metaphor of the layered onion to describe layers of encryption
  • Alice wants to send a message to Bob
    • Alice sends a request to the Tor directory (also the weak link)
    • Tor directory returns a list of “relay node” servers capable of relaying encrypted messages to other relay nodes in the Tor network
    • Given the addresses returned from the Tor directory, Alice’s computer chooses a random path through N relay nodes, to an “exit node” then finally out of the Tor network to Bob
    • Alice encrypts the information n times (n = number of nodes)
    • Each node knows
    • Where the packet came from
    • Where the packet is going
    • How to decrypt its one layer
    • The last node (exit node) knows the IP address of the target end point
• Any UNIX-like system: `torify ssh [i.p.]` will torify your connection and show you connecting from a random IP address

Installating the Tor Browser

• Open your favorite browser
• Search for Tor (duckduckgo!)
• Downloading Tor will sometimes give you a pgp key to verify the authenticity of the download
• “GPG tools” is a thin wrapper for pgp tools: https://gpgtools.org
• Drag Tor into your apps folder
• Choose whether you need to configure a Tor bridge node or not
• “Which of the following best describes your situation?”
• I would like to make a direct connection to the Tor network
• My connection is censored or proxied. I need to configure bridge or local proxy settings before
• Option 1 works for mostly free internet; option 2 is for more highly censored connections
• We pick the first option because we have pretty good, clean internet

Now let’s use it!

• Can visit regular websites with your IP address obscured
• Can also visit .onion sites that are inaccessible through normal browsers
• E.g. https://www.nytimes3xbfgragh.onion/

Miscellany

• Examples of VPNs
  • Bitmask (https://bitmask.net): VPN and email service run by trustworthy folks at Riseup/LEAP
  • AirVPN (https://airvpn.org/): activist affiliated VPN clicent with strong Linux support, rich directory of non-US proxy servers
  • Private Internet Access – PIA (https://www.privateinternetaccess.com/) technically sound commercial VPN with lots of non-US proxy options and strong cross-platform support
  • TunnelBear (https://www.tunnelbear.com/) very user-friendly commercial VPN service with good Mac support

• Note: VPN vs. proxy: proxy has 2 meanings
• When we talked about VPNs, we really meant proxies
• 2ndary (older-school original) meaning is the way to remotely connect to intranets