Image of the glider from the Game of Life by John Conway
Skip to content
{ 2006 08 10 }

Security and Anonymity with Tor

Being an advocate of security protocols and applications, I am actually quite stunned that I haven't thought of this before. Actually, I had heard of it a while ago, but didn't give any thought to it. Now I kind of wish I had. I am talking about Tor. However, before getting into the nitty gritty about Tor, I like to start about why you should the application.

Do you Google? You know. Gmail, Images, Maps, Video, Froogle, Groups, News, Calendar, etc. Have the Google site personalized for your needs and looks? Set to your homepage? Have the Google Toolbar installed in Firefox? Whether you are aware of it or not, Google is building a profile about you. Yes. It's true. Everything you search for from Heidi Klum to installing Linux is being recorded and watched. Google isn't the only guilty party here either. MSN, Yahoo!, Amazon, eBay and many others are doing the same thing. When you get down to it, it gets very very scary what personal information about you is stored on the web. Credit information, SSN's, bank accounts, you name it.

How about logging into sites with user-names and passwords? FTP sites, blogs, accounts, etc. It's easier than you think to snoop someone while whey are entering their info. I've done it. Take a network security class in college, and you'll see just how easy it is (given that the site doesn't use some sort of secure socket layer, or other form of encryption).

What about running a server? Worried about getting DDoSed? Or suffering from the Digg/Slashdot effect. It isn't pleasant. What about getting hacked through some security hole? Christer knows how that feels. Again, not fun. Although there are many measures to ensure that these attacks are minimal, you are still vulnerable, even if there is a 1/250000 chance of getting hacked. You've done all you can do, so what happens when your server is compromised?

Scared? You should be. So what can you do? Make yourself invisible?! Exactly!

Tor has the capability to handle each of the scenarios I laid out fairly well, with a few exceptions. From the website:

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves.

Okay. Good. So Tor creates a network confusion to the outside observer. No one can tell, including the onion routers, where you are, and more importantly, who you are. All of the sudden, traffic analysis and network profiling are taken to an extreme minimum. Running a server using Tor, and you can rest assured that DDoS attacks and other abuse are virtually nil. Chatting on IRC using Tor, and not even the IRC server knows who you are. Instant messaging, web browsing, email, and virtually anything that access the Internet can be run using Tor.

Cool. How does it work? Well, I don't know the deep in and outs as I am still learning through tinkering and tweaking. Basically, though, you connect to a Tor server as an entry point. Tor randomly picks your entry point out of literally thousands of Tor servers. The connection between you and the entry point is encrypted using secure public key encryption. Then the entry Tor node picks a middle Tor node completely by random (again, from thousands of running Tor servers worldwide). This connection is also encrypted. Finally, the middle Tor node randomly connects to your exit node. As with the previous two connections, the connection is encrypted. The exit node, as it name implies, connects you to the server of choice (Google, MSN, whatever). This exit connection is not encrypted (well, it could be depending an where you landed. Your bank account login could be encrypted). That path will only exist for that given request. New requests are given another completely random path.

With this connection pattern, it is highly improbable (1 in a gazillion) that an outside snoop or server (Google, etc) will be able to: 1) get your IP address for whatever reason, 2) sniff out packets to read your data and 3) develop a profile about you.

Now, with that said, Tor doesn't solve all anonymity problems. First, if you are using a server that uses a database to store information, and you login to that database, Tor won't fix that. For example, your email. I use GMail as my personal email account. Because of the nature of email, messages sit on the GMail server. As such, my messages could be read by a bot, or even staff members. As such, my anonymity really doesn't apply here. Because GMail uses targeted ads based on the body text of the email itself, messages are obviously being scanned, and a profile built. Your bank account, eBay account, and any others would be similar. However, most traffic analysis becomes defunct.

Also, as mentioned, the connection between the exit Tor node and the server is not encrypted. This means, although highly unlikely due to other factors, that a snoop can in fact read the data between the exit node and the server. Logging into FTP, Telnet, web sites, and other services that don't utilize encryption can be packet sniffed. Again though, it is very unlikely due to other factors in place.

Finally, to run a site behind Tor, you would have to create a hidden service. This means that any visitors you want to the site would have to use a Tor client, and know the address url (in the form of xxxxxxxxxxxxx.onion) to the hidden service. This is somewhat a pain as most (99 out of 100) people aren't going to be running Tor. So they will never know about the site. Also, even as a hidden service, a dedicated hacker can bring your server down.

Hopefully, I've peaked your interest. It really is worth it. I've been testing it lately on IRC, and have decided to go full spin with IM, web browsing and email. I would recommend it. You can visit sites and services without leaving a footprint. I'll tell you right now, though, that setting up a Tor client isn't exactly the easiest thing in the world, but worth the trouble. And I have noticed very little, if any at all, sacrificed bandwidth. Latency seems to be quite low.

This is the first of more to come about Tor and anonymity on the web.

Posted by Aaron Toponce on Thursday, August 10, 2006, at 3:38 pm. Filed under Security. Follow any responses to this post with its comments RSS feed. You can post a comment or trackback from your blog. For IM, Email or Microblogs, here is the Shortlink.

{ 1 } Comments