Tuesday, March 4, 2008

The Joys of Tor: Experimental Freedom

I have been tinkering with a lot of different technologies lately on my quest for Internet freedom, and one of these technologies, an Open Source one, caught my eye in particular.

I doubt the government has any love for Tor, the Onion Router, as it provides fairly great anonymity for free, although it does have its ups and downs.

It is an excellent project, as advanced experimental software goes, and you may download it here.

First of all, they call it the Onion Router because of how it works (and it usually does). Basically, your application connects to a Tor client, which acts as either a SOCKS4a or SOCKS5 proxy and encrypts traffic in multiple layers of SSL/TLS (Secure Sockets Layer/Transport Layer Security). The client in turn connects to a daisy chain of "relays," servers which accept encrypted connections, each of which forms an SSL tunnel endpoint for one layer. Thus the name "Onion Router": each relay "peels off" a layer of encryption until, at the Exit Node, the traffic is returned to the state it was in originally (in reality, if the Tor client is reachable over a LAN; logically, if it is only running on your localhost, meaning the same computer).
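The layer peeling described above, as an added example that is not part of the original post. It uses a toy SHA-256 keystream as a stand-in cipher (not the cryptography Tor itself uses), and the relay names, keys and request are constructed for the demo.

```python
import hashlib

def keystream(key, n):
    # Toy keystream: SHA-256 in counter mode. A stand-in cipher for the demo,
    # not the cryptography Tor itself uses, and with no integrity protection.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor_layer(key, data):
    # XOR with the keystream both adds and removes a layer.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def wrap(payload, route, destination="destination"):
    # Client side: build the onion from the inside out. The exit's layer goes
    # on first; the entry relay's layer goes on last and is outermost.
    cell = payload
    next_hop = destination
    for name, key in reversed(route):
        header = bytes([len(next_hop)]) + next_hop.encode()
        cell = xor_layer(key, header + cell)
        next_hop = name
    return cell

def peel(key, cell):
    # Relay side: remove one layer, learning only the next hop and an inner blob.
    plain = xor_layer(key, cell)
    n = plain[0]
    return plain[1:1 + n].decode("utf-8", "replace"), plain[1 + n:]

# Constructed sample route and request (hypothetical names and keys).
ROUTE = [("entry", b"entry-key"), ("middle", b"middle-key"), ("exit", b"exit-key")]
REQUEST = b"GET / HTTP/1.0\r\nHost: example.com\r\n\r\n"

def walk(onion, route):
    # Pass the onion along the route; record what each relay sees after peeling.
    seen = []
    for name, key in route:
        next_hop, onion = peel(key, onion)
        seen.append((name, next_hop, onion))
    return seen

if __name__ == "__main__":
    for name, next_hop, inner in walk(wrap(REQUEST, ROUTE), ROUTE):
        print(f"{name:6} -> {next_hop:11} inner starts {inner[:12]!r}")
```

Only the exit relay's peel yields the original request; the entry and middle relays each see just the name of the next hop and a still-encrypted blob.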

It was a breeze to set up Vidalia on M$ Windows, and the next step is to carefully regulate how applications and any plug-ins access the Internet.

When you want to be in stealth mode, you want to actually be in Stealth Mode.

So, first of all, use Firefox and Pidgin, and don't use Java, JavaScript, or Flash unless you have to (disable them via <about:plugins>). You may selectively filter Java, Flash and JavaScript access-control-list-style by obtaining NoScript. Oh, and use CookieCuller to manage cookies, so you don't have to disable cookies outright or keep purging them all. (I need to investigate this, so I can't tell you how good it is, though NoScript is great; I use it all of the time. But remember that it uses an implicit Deny, so if it is unfamiliar with the domain name, it will deny its access to your JavaScript engine.)

I will keep you posted on my forays in this, as this is such a fascinating thing.

Did I mention Hidden Services through Tor, which means endless possibilities for server hosting behind firewalls, overzealous ISPs, censored computers, organizations, schools, even countries!

Not that I'm going to do anything naughty.... ;)

Web servers under Hidden Services are only the beginning; you may host chat servers, game servers, and mail servers (although SMTP is usually blocked because of the greedy spammers sending junk email to everybody anonymously, so anti-abuse measures were taken to prevent spam flooding the network).

You can host just about any TCP-based network service you can think of over Tor, just remember that heavy traffic is considered impolite, so you may want to justify something extreme by hosting a Relay, or even an Exit Node offsite somewhere, which would mollify anyone's complaints. Most people do run this stuff for you and everybody on their own time, money, bandwidth, and risk, so please give the volunteers some respect, okay?


Anyway, see you.

1 comment:

Maicol said...

Hey Alex, Maicol here. First of all I want to tell you that your blog is really interesting; most of the subjects you talk about are of great interest to me. I would like to hear more of your ideas and learn a little more about Linux and open source and things like pen testing etc. I've tried Backtrack, Ubuntu, Slax, Red Hat, and Debian but I've just played around with them, I've never done anything with use. For the Tor network you should try the Tor browser bundle with smac for Windows. My msn is m.nieto at live dot com.