Find us on Facebook
More keeppies by Priyanka
Tor (Anonymity Network) by Priyanka ,  Feb 12, 2013
Tor (short for The Onion Router)[5] is a system intended to enable online anonymity. Tor client software directs internet traffic through a worldwide volunteer network of servers to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity, including "visits to Web sites, online posts, instant messages and other communication forms", back to the user [6] and is intended to protect users' personal privacy, freedom, and ability to conduct confidential business by keeping their internet activities from being monitored

What is Tor?

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis

Why Anonymity Matters

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

Inception

Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.

Overview

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

People from all over the world use TOR to search for sensitive information on the internet. What most people do not know is that the United States and many other countries have put a national firewall up for their citizens. We cannot access a lot of websites from various places in the country due to this. By the implementation of TOR, we can now have the ability to access that data. Law enforcement uses TOR for their surveillance operations so they do not leave their IP addresses in the web logs.

Even the military uses TOR. When they have their field agents and personnel staying at hotels or accessing their information through a wifi network off base, they enable TOR to protect their data transfers, website logins and passwords. Reporters Without Borders use the TOR Network to ensure their safety when they overseas or in an area of high danger. IT professionals use to TOR to test their company's IP firewalls.

Maintaining online security in this digital age is a must. With all of the identity theft rings and scams online, you want to be sure that you're personal data is secure. When you use TOR, you can have the peace of mind knowing that will not become a statistic to online theft.

Normal people use Tor

  • They protect their privacy from unscrupulous marketers and identity thieves. Internet Service Providers (ISPs) sell your Internet browsing records to marketers or anyone else willing to pay for it. ISPs typically say that they anonymize the data by not providing personally identifiable information, but this has proven incorrect. A full record of every site you visit, the text of every search you perform, and potentially userid and even password information can still be part of this data. In addition to your ISP, the websites (and search engines) you visit have their own logs, containing the same or more information.
  • They protect their communications from irresponsible corporations. All over the Internet, Tor is being recommended to people newly concerned about their privacy in the face of increasing breaches and betrayals of private data. From lost backup tapes, to giving away the data to researchers, your data is often not well protected by those you are supposed to trust to keep it safe.
  • They protect their children online. You've told your kids they shouldn't share personally identifying information online, but they may be sharing their location simply by not concealing their IP address. Increasingly, IP addresses can be literally mapped to a city or even street location, and can reveal other information about how you are connecting to the Internet. In the United States, the government is pushing to make this mapping increasingly precise.
  • They research sensitive topics. There's a wealth of information available online. But perhaps in your country, access to information on AIDS, birth control, Tibetan culture, or world religions is behind a national firewall.
Military and Law Enforcement

Militaries use Tor

  • Field agents: It is not difficult for insurgents to monitor Internet traffic and discover all the hotels and other locations from which people are connecting to known military servers. Military field agents deployed away from home use Tor to mask the sites they are visiting, protecting military interests and operations, as well as protecting themselves from physical harm.
  • Hidden services: When the Internet was designed by DARPA, its primary purpose was to be able to facilitate distributed, robust communications in case of local strikes. However, some functions must be centralized, such as command and control sites. It's the nature of the Internet protocols to reveal the geographic location of any server that is reachable online. Tor's hidden services capacity allows military command and control to be physically secure from discovery and takedown.
  • Intelligence gathering: Military personnel need to use electronic resources run and monitored by insurgents. They do not want the webserver logs on an insurgent website to record a military address, thereby revealing the surveillance.
Journalists and the Media

Journalists and their audience use Tor

  • Reporters without Borders tracks Internet prisoners of conscience and jailed or harmed journalists all over the world. They advise journalists, sources, bloggers, and dissidents to use Tor to ensure their privacy and safety.
  • The US International Broadcasting Bureau (Voice of America/Radio Free Europe/Radio Free Asia) supports Tor development to help Internet users in countries without safe access to free media. Tor preserves the ability of persons behind national firewalls or under the surveillance of repressive regimes to obtain a global perspective on controversial topics including democracy, economics and religion.
  • Citizen journalists in China use Tor to write about local events to encourage social change and political reform.
  • Citizens and journalists in Internet black holes use Tor to research state propaganda and opposing viewpoints, to file stories with non-State controlled media, and to avoid risking the personal consequences of intellectual curiosity.

Law enforcement officers use Tor

  • Online surveillance: Tor allows officials to surf questionable web sites and services without leaving tell-tale tracks. If the system administrator of an illegal gambling site, for example, were to see multiple connections from government or law enforcement IP addresses in usage logs, investigations may be hampered.
  • Sting operations: Similarly, anonymity allows law officers to engage in online “undercover ” operations. Regardless of how good an undercover officer's “street cred” may be, if the communications include IP ranges from police addresses, the cover is blown.
  • Truly anonymous tip lines: While online anonymous tip lines are popular, without anonymity software, they are far less useful. Sophisticated sources understand that although a name or email address is not attached to information, server logs can identify them very quickly. As a result, tip line web sites that do not encourage anonymity are limiting the sources of their tips.
Activists & Whistleblowers

Activists & Whistleblowers use Tor

  • Human rights activists use Tor to anonymously report abuses from danger zones. Internationally, labor rights workers use Tor and other forms of online and offline anonymity to organize workers in accordance with the Universal Declaration of Human Rights. Even though they are within the law, it does not mean they are safe. Tor provides the ability to avoid persecution while still raising a voice.
  • When groups such as the Friends Service Committee and environmental groups are increasingly falling under surveillance in the United States under laws meant to protect against terrorism, many peaceful agents of change rely on Tor for basic privacy during legitimate activities.
  • Human Rights Watch recommends Tor in their report, “ Race to the Bottom: Corporate Complicity in Chinese Internet Censorship.” The study co-author interviewed Roger Dingledine, Tor project leader, on Tor use. They cover Tor in the section on how to breach the “Great Firewall of China,” and recommend that human rights workers throughout the globe use Tor for “secure browsing and communications.”
  • Tor has consulted with and volunteered help to Amnesty International's past corporate responsibility campaign. See also their 2006 full report on China Internet issues.
  • Global Voices recommends Tor, especially for anonymous blogging, throughout their web site.
  • In the US, the Supreme Court recently stripped legal protections from government whistleblowers. But whistleblowers working for governmental transparency or corporate accountability can use Tor to seek justice without personal repercussions.
  • A contact of ours who works with a public health nonprofit in Africa reports that his nonprofit must budget 10% to cover various sorts of corruption, mostly bribes and such. When that percentage rises steeply, not only can they not afford the money, but they can not afford to complain — this is the point at which open objection can become dangerous. So his nonprofit has been working to use Tor to safely whistleblow on government corruption in order to continue their work.
  • At a recent conference, a Tor staffer ran into a woman who came from a “company town” in the eastern United States. She was attempting to blog anonymously to rally local residents to urge reform in the company that dominated the town's economic and government affairs. She is fully cognizant that the kind of organizing she was doing could lead to harm or “fatal accidents.”
  • In east Asia, some labor organizers use anonymity to reveal information regarding sweatshops that produce goods for western countries and to organize local labor.
  • Tor can help activists avoid government or corporate censorship that hinders organization. In one such case, a Canadian ISP blocked access to a union website used by their own employees to help organize a strike.

High & low profile people use Tor

  • Does being in the public spotlight shut you off from having a private life, forever, online? A rural lawyer in a New England state keeps an anonymous blog because, with the diverse clientele at his prestigious law firm, his political beliefs are bound to offend someone. Yet, he doesn't want to remain silent on issues he cares about. Tor helps him feel secure that he can express his opinion without consequences to his public role.
  • People living in poverty often don't participate fully in civil society -- not out of ignorance or apathy, but out of fear. If something you write were to get back to your boss, would you lose your job? If your social worker read about your opinion of the system, would she treat you differently? Anonymity gives a voice to the voiceless. Although it's often said that the poor do not use online access for civic engagement, failing to act in their self-interests, it is our hypothesis (based on personal conversations and anecdotal information) that it is precisely the “permanent record ” left online that keeps many of the poor from speaking out on the Internet. We hope to show people how to engage more safely online, and then at the end of the year, evaluate how online and offline civic engagement has changed, and how the population sees this continuing into the future.
Businesses

Business executives use Tor

  • Security breach information clearinghouses: Say a financial institution participates in a security clearinghouse of information on Internet attacks. Such a repository requires members to report breaches to a central group, who correlates attacks to detect coordinated patterns and send out alerts. But if a specific bank in St. Louis is breached, they don't want an attacker watching the incoming traffic to such a repository to be able to track where information is coming from. Even though every packet were encrypted, the IP address would betray the location of a compromised system. Tor allows such repositories of sensitive information to resist compromises.
  • Seeing your competition as your market does: If you try to check out a competitor's pricing, you may find no information or misleading information on their web site. This is because their web server may be keyed to detect connections from competitors, and block or spread disinformation to your staff. Tor allows a business to view their sector as the general public would view it.
  • Keeping strategies confidential: An investment bank, for example, might not want industry snoopers to be able to track what web sites their analysts are watching. The strategic importance of traffic patterns, and the vulnerability of the surveillance of such data, is starting to be more widely recognized in several areas of the business world.
  • Accountability: In an age when irresponsible and unreported corporate activity has undermined multi-billion dollar businesses, an executive exercising true stewardship wants the whole staff to feel free to disclose internal malfeasance. Tor facilitates internal accountability before it turns into whistleblowing.

Bloggers use Tor

IT Professionals use Tor

  • To verify IP based firewall rules: A firewall may have some policies that only allow certain IP addresses or ranges. Tor can be used to verify those configurations by using an IP number outside of the company's alloted IP block.
  • To bypass their own security systems for sensitive professional activities: For instance, a company may have a strict policy regarding the material employees can view on the internet. A log review reveals a possible violation. Tor can be used to verify the information without an exception being put into corporate security systems.
  • To connect back to deployed services: A network engineer can use Tor to remotely connect back to services, without the need for an external machine and user account, as part of operational testing.
  • To access internet resources: Acceptable use policy for IT Staff and normal employees is usually different. Tor can allow unfettered access to the internet while leaving standard security policies in place.
  • To work around ISP network outages: Sometimes when an ISP is having routing or DNS problems, Tor can make internet resources available, when the actual ISP is malfunctioning. This can be invaluable in crisis situations.

Please do send us your success stories. They are very important because Tor provides anonymity. While it is thrilling to speculate about undesired effects of Tor, when it succeeds, nobody notices. This is great for users, but not so good for us, since publishing success stories about how people or organizations are staying anonymous could be counterproductive. For example, we talked to an FBI officer who explained that he uses Tor every day for his work — but he quickly followed up with a request not to provide details or mention his name.

Like any technology, from pencils to cellphones, anonymity can be used for both good and bad. You have probably seen some of the vigorous debate (pro, con, and academic) over anonymity. The Tor project is based on the belief that anonymity is not just a good idea some of the time — it is a requirement for a free and functioning society. The EFF maintains a good overview of how anonymity was crucial to the founding of the United States. Anonymity is recognized by US courts as a fundamental and important right. In fact, governments mandate anonymity in many cases themselves: police tip lines, adoption services, police officer identities, and so forth. It would be impossible to rehash the entire anonymity debate here — it is too large an issue with too many nuances, and there are plenty of other places where this information can be found. We do have a Tor abuse page describing some of the possible abuse cases for Tor, but suffice it to say that if you want to abuse the system, you'll either find it mostly closed for your purposes (e.g. the majority of Tor relays do not support SMTP in order to prevent anonymous email spamming), or if you're one of the Four Horsemen of the Information Apocalypse, you have better options than Tor. While not dismissing the potential abuses of Tor, this page shows a few of the many important ways anonymity is used online today.

Why we need Tor

Using Tor protects you against a common form of Internet surveillance known as "traffic analysis." Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are. For example, if you're travelling abroad and you connect to your employer's computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.

How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that's an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the header, which discloses source, destination, size, timing, and so on.

A basic problem for the privacy minded is that the recipient of your communications can see that you sent it by looking at headers. So can authorized intermediaries like Internet service providers, and sometimes unauthorized intermediaries as well. A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, looking at headers.

But there are also more powerful kinds of traffic analysis. Some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers.

The solution: a distributed, anonymous network

How Tor works

Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it's going.

To create a private network pathway with Tor, the user's software or client incrementally builds a circuit of encrypted connections through relays on the network. The circuit is extended one hop at a time, and each relay along the way knows only which relay gave it data and which relay it is giving data to. No individual relay ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through.

Tor circuit step two

Once a circuit has been established, many kinds of data can be exchanged and several different sorts of software applications can be deployed over the Tor network. Because each relay sees no more than one hop in the circuit, neither an eavesdropper nor a compromised relay can use traffic analysis to link the connection's source and destination. Tor only works for TCP streams and can be used by any application with SOCKS support.

For efficiency, the Tor software uses the same circuit for connections that happen within the same ten minutes or so. Later requests are given a new circuit, to keep people from linking your earlier actions to the new ones.

Tor circuit step three

Hidden services

Tor also makes it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server. Using Tor "rendezvous points," other Tor users can connect to these hidden services, each without knowing the other's network identity. This hidden service functionality could allow Tor users to set up a website where people publish material without worrying about censorship. Nobody would be able to determine who was offering the site, and nobody who offered the site would know who was posting to it. Learn more about configuring hidden services and how the hidden service protocol works.

Staying anonymous

Tor can't solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you don't want the sites you visit to see your identifying information. For example, you can use Torbutton while browsing the web to withhold some information about your computer's configuration.

Also, to protect your anonymity, be smart. Don't provide your name or other revealing information in web forms. Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit.

According to CNet, Tor's anonymity function is "endorsed by the Electronic Frontier Foundation and other civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists".[39] It has also been described by The Economist, in relation to Bitcoin and the Silk Road, as being "a dark corner of the web."[40] Anonymizing systems such as Tor are at times used for matters that are, or may be, illegal in some countries, e.g. Tor may be used to gain access to censored information, to organize political activities,[41] or to circumvent laws against criticism of heads of state. Tor can also be used for anonymous defamation, unauthorized leaks of sensitive information, and copyright infringement, the distribution of illegal sexual content,[42][43][44] the selling of controlled substances,[45]money laundering,[46]credit card fraud and identity theft; the black market which exploits the Tor infrastructure operates, at least in part, in conjunction with Bitcoin,[47] and Tor itself has been used by criminal enterprises, hacktivism groups (such as Anonymous), and law enforcement agencies at cross purposes, sometimes simultaneously.
Comments: