September 2, 2011

Tor: confidential, anonymous and secure Internet

WORDS BY   Mariano Cecowski

POSTED IN   internet | internet | debian | security | security | mobile | android | debian | tor

You can't see the latest series in Hulu because you are not in the USA? You need to keep the government (or anyone) from knowing what you do in the Internet and who you talk to? Are you trying to reach content that is censored in your country? Are you starting a revolution such as those recently in Tunisia, Egypt or Algeria?

Well, then probably you should know about Tor.



The Tor project has been around for several years for those sharing very sensitive information (for instance WikiLeaks informers), and to avoid government surveillance in general specially in countries who's governments not only censorship the Internet but also control the electronic activity of their citizens. Tor creates a series of encrypted virtual tunnels that completely hide the information leaving or arriving at their computer. Not even what sites or people you are reaching! To the Internet, you have a foreign IP (usually in the US) and thus access to uncensored content, and all the communication between borders is handled securely encrypted. (see some other use cases).

But setting up a Tor client has never been necessarily simple. Starting daemon processes, configuring proxies, browsers,  etc.  is a process in which you can easily make a mistake if you are not an expert, which might lead you to big problems.

Don't panic just yet: the guys at Tor came with two portable solutions for you!

With the Tor Browser Bundle and the Tor IM Browser Bundle you will be able to browse (and also Chat in the IM version) privately and securely using the Tor network with only one click.

The bundles are plain zip files that contain everything you need already configured (based on and you only need to start the bundle to automatically set up the Tor network and start using the bundled Browser (and Pidgin chat program in IM) on top of the Tor network, which greets you with a page confirming (or not) that you are secured.

The bundles contain Tor's very useful Vidalia console, a modified version of FireFox 6, and a couple of FF add-ons such as HTTPS Everywhere and Torbutton. And, of course, Pidgin with the Off-the-Record extension in the IM version. You can unzip the bundle in your computer and start using it there, or even better, put it and use it from a portable flash drive!

Vidalia Control Panel

Vidalia Control Panel

Another neat thing is that you can continue to use your normal connection in your normal browser/chat without interfering with the secured Tor counterparts. For those more paranoid (hey, if you don't trust the network, why trust your computer? There are viruses and back-doors everywhere!) there's also a LiveCD/LiveUSB version of Tor called Tails with which you can boot to Debian GNU/Linux with Tor already configured. The OS is set so that it won't make use of the machine's hard disk  (not even swap!) to avoid leaving any traces on that computer, and is a full Debian desktop distribution.

But wait, there's more! So you've got that Android phone? Guess what.

Yeap; Orbot is the Android version of the Tor network. Once installed, you can choose which applications (or all) will make use of the Tor network, and that's it.



So, even if the Tor network won't help you if you get cut off the Internet, and the transfer speeds are certainly lower that your normal connections, you have several options and simple solutions to use the Internet in a truly anonymous, secure and private manner.

If you make use of Tor, thoroughly read this best practice warnings, avoid using Bittorrent on Tor, consider making a donation, and if you are using tor in your desktop computer, set it as a Tor relay: even as little as 20KB/s can help the Tor network to run fine for everyone.

Safe browsing!