Tor seems to be a way of hiding your isp address. It's being recommended for political activists and those buying Bitcoin.

Any views on this? Is it safe to use?

Thanks, paul

Paul,

If privacy & anonymity are what you are seeking than you may well have to consider Tor in conjunction with other software.

To be safe I would think a layered approach to privacy & anonymity would be a good idea and as Bitcoin, Tor and related topics have been has been in the news of late I would suggest a fair bit of research be undertaken prior to clicking on something you you are using for the first time.

I looked at Tails https://tails.boum.org/getting_started/index.en.html page and warning page https://tails.boum.org/doc/about/warning/index.en.html where various threats associated with Tor are expanded upon. The Tor main page https://www.torproject.org/ also has several explanations as to how Tor can and can not protect you.

Not forgetting https://help.ubuntu.com/community/Tor

Thanks tubbygweilo,
I was just about to download TOR when I noticed that it was originated by the american military (the navy, I think).
I'll check out those links you mentioned before doing anything further.

Paul,
The EFF https://ssd.eff.org/tech/tor and EFF in general https://www.eff.org/ offer IMHO good pointers as to real World security topics although I must admit the EFF is slanted towards US matters but then Wiki https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29 offers general information in easily digestible bite sized chunks.

It all comes down to who do you trust to give information about software and indeed make software?

By discussing and asking questions in an open forum any answers will be peer reviewed and criticised, and that is a good start.

So Paul, keep asking questions and weighing any answers prior to clicking on something.

From that wiki link it seems that Tor is mostly funded by the US government.

I'm becoming less and less inclined to trusting government/big business these days. This is why i'm moving away from the likes of Windows and towards Linux. It seems open-source people have a higher level of personal integrity and a higher morality than those driven by the profit motive.

I may be doing the Tor people a great disservice, they may be driven by honourable motives but that US government funding is a big negative for me.

Is there any "independent" open-source software to protect from being spied on by government/big business?

Hello!

Although the subject of TOR is not without political and legal implications, please remember that the Forume CoC proscribes political discussion.

Please restrict further posts to the subject of whether TOR is safe to use.

Thanks.

Oops!

Sorry about that. I wasn't aware that politics was banned.

I won't do it again.

(Where can I find the reason WHY politics is banned?)

paul

Ah I've found it in the Code of Conduct : Politics and Religion are banned because of "problems in the past".

I don't use/trust tor. You may want to look into a program called "proxychains". That's what I use when I need to do certain things online. Just don't use tor with it. A lot of tutorials suggest using tor as your first proxy but it's really not necessary. It's really dependent of how long you need to be online though as a chain of proxies can go down pretty quick. If you need to be online for a long time you can always just pay for a vpn.

Thanks tubbygweilo,
I was just about to download TOR when I noticed that it was originated by the american military (the navy, I think).
That's right. Robust communication has military roots. The U.S. Navy has a patent on onion routing, and the U.S. Air Force developed packet switching, which is the basis for the Internet. If you prefer, you can choose not to use TOR, but to transmit your IP address openly on the Internet. There are alternatives, although perhaps none as robust. For what it's worth, TOR is open-source software.

As far as I know, it's VERY safe, and it's what I would use if I needed a secure anonymizing service for some reason. But if you do use TOR, be sure to read the directions, and note the limitations. Even if you don't use TOR you should read the TOR directions, as the same limitations are common to virtually all anonymizing techniques.

Thread moved to The Cafe.

Tor is an open-source project (BSD license according to Wikipedia), so it's unlikely that any parties have put in some kind of back door, if that's what you're worried about (since the many paranoid, trained eyes looking at it would probably have spotted them).

I'm not qualified to comment on its effectiveness with regards to anonymity.

To follow on from Evilsoup's postings Tor comments upon backdoors https://www.torproject.org/docs/faq.html.en#Backdoor and license https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=LICENSE are available for all to study and reach an informed decision on Tor related topics.

Great explanation of how it works, and where it isn't safe: HTG Explains: Is Tor Really Anonymous and Secure? (http://www.howtogeek.com/142380/htg-explains-is-tor-really-anonymous-and-secure/)

Although the subject of TOR is not without political and legal implications, please remember that the Forume CoC proscribes political discussion.


I'm happy with Tor, I use the standalone browser, it's better than whatever is out there.

Thanks, dodo3773,

You say you don't use/trust tor. Can you say why? Is it just a general distrust of government funded projects or is there something in the source-code that is suspicious, or perhaps another reason. I'm just a computer user, I don't really know how the internet works and so I have to rely on experts (like yourself perhaps?) who can tell me what is safe or not to use.

Hello elfy,

Why have you moved this discussion on security to The Cafe? I'm new here and it does not seem appropriate to move a security thread to The Cafe.

paul

From that wiki link it seems that Tor is mostly funded by the US government.


Your point is...? It's developed by many people from different backgrounds (universities, volunteers, researchers, etc.) so there are lots of eyes on it all the time. It's also funded from many other sources including private organizations. If there was any hanky panky going on anyone could blow the whistle at anytime given the transparent nature and open source code. The answer is yes, it's "safe" to use Tor as long as you understand what it does and how to use it.

Thanks Dragonbite, that link has made things clearer for me. It seems that any problems would be associated with "exit nodes" being owned by governments/dodgy individuals.

paul

Hello lukeiamyourfather,

My point is inherent in the thread question, it is about whether government-sponsored things can always be trusted. Some people think the government always acts in their interests, others do not. I belong to the latter category and as I have no expertise in computer-related/internet matters I came here to ask the experts for advice.

It seems that the majority think that TOR is trustworthy. The point you make about "many eyes watching the open-source code" is a good one and one I find reassuring, so thanks for that.

paul

Paul,
if you wish to hide your isp address then as others have suggested a proxy may be all you require and the youtube tutorial by NixiePixel entitled Howto - Hide Your IP Address may well meet all of your needs.

TOR seems to have it's purpose. It hides IP address. But 90% of the traffic on TOR seems to be unencrypted. Can we all say fools? Use https.

I use a VPN service and sometimes TOR. You'll notice TOR apps are encrypted. Why would TOR have an encrypted chat app? Because encryption is still vital for everything.

I wouldn't touch it with a barge pole. Bottom line, if you're only using internet for legit stuff you don't need Tor. Be sensible about what you do online.

I wouldn't touch it with a barge pole. Bottom line, if you're only using internet for legit stuff you don't need Tor. Be sensible about what you do online.

There are legitimate uses, if you're involved in anti-government stuff, or have some other reason to believe that someone is trying to track you.

Thanks, dodo3773,

You say you don't use/trust tor. Can you say why? Is it just a general distrust of government funded projects or is there something in the source-code that is suspicious, or perhaps another reason. I'm just a computer user, I don't really know how the internet works and so I have to rely on experts (like yourself perhaps?) who can tell me what is safe or not to use.

Well, here's the thing: It's very easy to know if someone is using a tor exit node if enough time has passed (It depends on who has control of the tor exit node you are using and what type of end to end encryption you are using (if any (I would recommend using "HTTPS Everywhere" -> https://www.eff.org/https-everywhere at the very least))). In order for tor to become more secure more and more people need to volunteer their time and computers for exit nodes. One thing to remember about tor is that anyone can manage and run an exit node whether that someone be good, bad, friend, enemy, etc..etc...

If you are going in and out quickly it's hard to say. You may be fine. Look at it more like a roll of the dice though. I would recommend spoofing your mac address, using a live cd (without any type of persistent storage) and using internet outside the home at the very least if you plan on doing something really dangerous.

Edit: Probably worth mentioning: This should be common sense but do not log into any sites that were signed up for without tor with tor (including email clients, chat clients, etc..).

TOR is probably about as anonymous as you can be for a simple install-and-go application, if that's your objective. Last time I tried it out though it was horrifically slow, so you wouldn't want to be using it all the time. It may have improved since then, but as the whole network is bottlenecked by design I suspect it's a permanent problem. Surfing the net on it would be like chewing glass IMO, and forget about downloading large files, gaming or streaming anything.

Edit: Probably worth mentioning: This should be common sense but do not log into any sites that were signed up for without tor with tor (including email clients, chat clients, etc..).
Question about this please?

I only use TOR when going to banking institutions online. I signed up for them without TOR, before I starting using it.

Should I not use TOR for them given the above statement? (I have been).

Thanks.

As with anything online, TOR is only as safe as the servers you are routing through. Do you know which servers the data is going through when you use TOR? Do you know who owns those servers or why they are hosting a server? If the answer to that is no then you should try your best to at least add some more encryption to to your transfers. Encryption isn't completely foolproof as there are backdoors, but it's a start. As I said earlier, it makes more sense to only use the Internet for legit reasons, ie not anti-government stuff, porn, anarchy or anything like that. If you're worried about being tracked then you should probably avoid the Internet altogether, because if someone really wants to track you online they can do it wheter or not you use TOR. Use your brains.

Question about this please?

I only use TOR when going to banking institutions online. I signed up for them without TOR, before I starting using it.

Should I not use TOR for them given the above statement? (I have been).

Thanks.

Why use TOR with your own bank anyway? All the traffic to and from is encrypted, I don't see what additional security TOR would offer you. Your bank already knows who you are.

Why use TOR with your own bank anyway? All the traffic to and from is encrypted, I don't see what additional security TOR would offer you. Your bank already knows who you are.
I dunno, because I am stupid maybe?

Alright. I'm finished with it then. I was getting tired of using it anyways.

Thanks.

;p

Edit: Probably worth mentioning: This should be common sense but do not log into any sites that were signed up for without tor with tor (including email clients, chat clients, etc..).

Just to mention that a lot of places won't allow you to register when using tor. I registered an email account with a online provider and all went well. After a while though the account was suspended (nothing illegal or even remotely dubious was done with it), I tried registering a new account and simply refused based on source IP.

Tor provides an encrypted connection between you and an exit node - that is all it does - it is a free VPN provided by a few kind souls. This is useful when you are in a public place using WiFi (airport or coffee shop) where you trust the exit node more than the bored geeks next to you.

Tor is also useful when you are behind a restrictive filter and need access to a blocked site and you know that the exit node is on the other side of said filter, such as when you are in a control freak territory, a weird state or a university dorm.

So if you want instant gratification, just use it. If you are a little paranoid, check the IP address of the exit node when you signed in. If you are totally paranoid, get off the web and move into a cave.

Question about this please?

I only use TOR when going to banking institutions online. I signed up for them without TOR, before I starting using it.

Should I not use TOR for them given the above statement? (I have been).

Thanks.

If you sign up for an online service without a proxy than on the server side of that service (as long as they keep logs) knows the original ip that you signed up from. So, you're not being as anonymous as you think. Do you see what I mean?

If you sign up for an online service without a proxy than on the server side of that service (as long as they keep logs) knows the original ip that you signed up from. So, you're not being as anonymous as you think. Do you see what I mean?
Yes, I do now. I didn't before you and others explained.

If I want anonymity with an online service, then sign up with it using a web proxy and use it with them. If I want encryption also, there are VPN security services to use.

Thanks.

Yes, I do now. I didn't before you and others explained.

If I want anonymity with an online service, then sign up with it using a web proxy and use it with them. If I want encryption also, there are VPN security services to use.

Thanks.

Probably worth mentioning: A lot of online services will not work correctly with tor. Gmail would be a good example of this. Since the exit nodes can change from country to country on the tor network it could be seen as suspicious activity by the service you are using depending on the security settings of the service. If you plan on being behind a proxy permanently I would highly recommend paying for a good vpn proxy service of some kind to save yourself the headache.

Probably worth mentioning: A lot of online services will not work correctly with tor. Gmail would be a good example of this. Since the exit nodes can change from country to country on the tor network it could be seen as suspicious activity by the service you are using depending on the security settings of the service. If you plan on being behind a proxy permanently I would highly recommend paying for a good vpn proxy service of some kind to save yourself the headache.
More information to consider.

Thanks.

More information to consider.

Thanks.

That's what I said in post #30

I haven't managed to have a live USB boot, in fact I haven't even managed any sort of boot from tails (still trying). I think the onion method is an eloquent method to avoid basic detection/censorship. Make sure whatever means you use you also ssl/http to whatever address you are going to, this will avoid 'man in the middle' attacks.
The internet does not belong to any country or any person and is evolution in action. As tech increases I like to remind people that my pc was built 10 years ago and it gets cheaper and cheaper to maintain. But no, it's not foolproof, no system will be in our lifetime. Use the wrong name in the wrong place and you are done. Nothing is safe, so be nice to your peers :)

That's what I said in post #30
I read your post too. I have been reading about free services. He states "I would highly recommend paying for a good vpn proxy service of some kind to save yourself the headache." If I were to decide to use a VPN, I would follow his advice and try to buy a good service. That is what I was referring to.

Thanks.

I read your post too. I have been reading about free services. He states "I would highly recommend paying for a good vpn proxy service of some kind to save yourself the headache." If I were to decide to use a VPN, I would follow his advice and try to buy a good service. That is what I was referring to.

Thanks.


Oh ok. I don't see how a vpn service is gonna provide anonymity when someone comes knocking. They keep records and you usually have to pay via some form of official means which is traceable.

I was asking myself the same question after reading some recent headlines. Tor is generally regarded as safe, interestingly even by the NSA! I see two main issues with Tor:
1. Compromised nodes, in particular compromised exit nodes
2. Tor doesn't route all traffic through the Tor network

You can find a pretty good discussion about Tor's safety at https://www.cryptocloud.org/viewtopic.php?f=9&t=2894&hilit=tor+vulnerabilities and http://invisibler.com/is-tor-safe/ and of course there is plenty of info at the Tor Project's site itself.

Personally I use a VPN and Tor on top of it for certain stuff, just to satisfy my paranoid self...

I only somewhat recently learned about TOR. Since I needed to reinstall Ubuntu anyway, I downloaded the .tar TOR bundle. Opened it up and just had a quick peak around and then did the re-install.
I know it's not illegal to use, but it could draw attention to you. At least thats what I think. I'd like to check it out more though and see what it's about. I'll probably make a ubuntu live-usb and download the bundle to there and use it off the USB stick.
I'd set up a proxy server for home and use public networks.

Not sure how good TOR's search engine is, but you could use DuckDuckGo which is HTTPS.

Well the whole point of tor is that you are anonymous while using it, so unless it's flawed on some technical level I don't see how anyone would know that you're using it in the first place.