
This is an old revision of the page Library / Basics / SSD / Technologies / Tor from 09/03/2009 13:42.


Tor


Tor is another encryption tool that can help you protect the confidentiality of your communications. Tor is a free, relatively easy to use tool primarily designed to protect your anonymity online. But it also has the side benefit of encrypting your communications for some of their journey across the Internet.

How Tor Works


Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and many other applications. The information you transmit is safer when you use Tor, because communications are bounced around a distributed network of servers, called onion routers. This provides anonymity, since the computer you’re communicating with will never see your IP address — only the IP address of the last Tor router that your communications traveled through.


Tor helps to defend against traffic analysis by encrypting your communications multiple times and then routing them through a randomly selected set of intermediaries. Thus, unless an eavesdropper can observe all traffic to and from both parties, it will be very hard to determine your IP address. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you, and then periodically erasing your footprints.


To create a private network pathway with Tor, Alice’s Tor client first queries a global directory to discover where on the Internet all the Tor servers are. Then it incrementally builds a circuit of encrypted connections through servers on the network. The circuit is extended one hop at a time, and each server along the way knows only which server gave it data and which server it is giving data to. No individual server ever knows the complete path that a data packet has taken. The Tor software on your machine negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through.


[diagram]


Due to the way Alice’s Tor client encrypted her data, each node in the circuit can only know the IP addresses of the nodes immediately adjacent to it. For example, the first Tor server in the circuit knows that Alice’s Tor client sent it some data, and that it should pass that data on to the second Tor server. Similarly, Bob knows only that it received data from the last Tor server in the circuit — Bob has no knowledge of the true Alice.


For efficiency, the Tor software uses the same circuit for connections that happen within the same ten-minute period. Later requests are given a new circuit, to keep people from linking your earlier actions to the new ones.


Tor’s primary purpose is to frustrate traffic analysis, but as a by-product of how it works, Tor's encryption provides strong protection for the confidentiality of the content of messages as well. If an eavesdropper wiretaps Alice’s network link, all she’ll see is encrypted traffic between Alice and her first Tor server — a great feature. If the eavesdropper wiretaps Bob’s network link, she can see the unencrypted content Alice sent to Bob — but it may be very hard indeed for her to link the content to Alice!
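The layered circuit described above can be modelled in a few lines. This is an added example, not code from the original page or from the Tor project: the relay names, the pre-shared per-hop keys, the JSON cell layout and the toy SHA-256 stream cipher are all assumptions made for illustration and do not reflect Tor's real cell format or cryptography. It shows what each relay learns when it peels its layer, and what travels on Alice's link versus Bob's link.

```python
import hashlib
import json
import os

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode). Illustration only, not Tor's cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(path, keys, destination, payload):
    """Client side: build the onion from the inside out, one layer per hop."""
    next_hops = path[1:] + [destination]
    cell = payload
    for relay, next_hop in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[relay], layer)
    return cell

def peel(relay_key, cell):
    """Relay side: remove exactly one layer, learning only the next hop."""
    layer = json.loads(keystream_xor(relay_key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def route(sender, path, keys, destination, payload):
    """Pass the cell along the circuit, recording what each relay can observe."""
    cell = wrap(path, keys, destination, payload)
    wire, views, previous = [cell], {}, sender
    for relay in path:
        next_hop, cell = peel(keys[relay], cell)
        views[relay] = {"from": previous, "to": next_hop}
        wire.append(cell)  # bytes seen on the link leaving this relay
        previous = relay
    return views, wire

# Constructed sample circuit: hypothetical relay names, one fresh key per hop.
PATH = ["relay1", "relay2", "relay3"]
KEYS = {relay: os.urandom(32) for relay in PATH}
PAYLOAD = b"GET /inbox HTTP/1.1 (plain HTTP, constructed sample)"
VIEWS, WIRE = route("alice", PATH, KEYS, "bob.example", PAYLOAD)

if __name__ == "__main__":
    for relay in PATH:
        print(relay, VIEWS[relay])
    print("Alice's link carries payload in clear:", PAYLOAD in WIRE[0])
    print("Exit-to-Bob link carries payload in clear:", PAYLOAD in WIRE[-1])
```

The last link carries the payload exactly as Alice wrote it, which is why end-to-end encryption such as HTTPS is still needed on top of Tor.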


You can learn about Tor, find easy installation instructions, and download the software at https://www.torproject.org. There you will also find instructions on how to easily "Torify" all kinds of different applications, including web browsers and instant messaging clients.

What Tor Won't Defend You Against


Tor won't defend you against malware. If your adversary can run programs on your computer, it's likely that they can see where you are and what you're doing with Tor.


If you've installed Tor on your computer but are using applications that don't understand how to use it, or aren't set up to use it, you won't receive protection while using those applications.


Tor may not defend you against extremely resourceful and determined opponents. Tor is believed to work quite well at defeating surveillance from one or a handful of locations, such as surveillance by someone on your wireless network or surveillance by your ISP. But it may not work if someone can surveil a great many places around the Internet and look for patterns across them.


If you aren't using encryption with the actual servers you're communicating with (for instance, if you're using HTTP rather than HTTPS), the operator of an "exit node" (the last Tor node in your path) could read all your communications, just the way your own ISP can if you don't use Tor. Since Tor chooses your path through the Tor network randomly, targeted attacks may still be difficult, but researchers have demonstrated that a malicious Tor exit node operator can capture a large amount of sensitive unencrypted traffic. Tor node operators are volunteers and there is no technical guarantee that individual exit node operators won't spy on users; anyone can set up a Tor exit node.


These and related issues are discussed in more detail here.

