Many times we need to be anonymous on the internet. It might be for business, political or just personal reasons. There are many mechanisms around in the internet to keep your anonymity. Most of these are using internet proxies. What if you are being watched by the ISPs thru which you are passing to the proxy? Confidentiality of your data / research or communication is no more guareteed.
A common form of internet surveillance is traffic analysis, which is mostly employed by websites, ISPs and even by governments. By using traffic analysis, websites may deny access or increase the price of the subscription or product or even does not accept the order. Another case is that the local government might have blocked specific websites and you would want to use them for information sharing or gathering and do not trust the online proxies. A third case would be to do research about a competitor and do not want to indicate your companies IP addresses in the web server logs of the other company. There are may other scenarios you might want not to become a victim of traffic aalysis.
How does Tor network help us?
Tor is free and open source for Windows, Mac, Linux/Unix, and Android. You can download tor here. You could choose which client you need to use and download them accordingly.
The Tor software is a program you can run on your computer that helps keep you safe on the Internet. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. This set of volunteer relays is called the Tor network. See below how Tor works ad how it sends your data.
You can find more details about how Tor works at here
Key projects run by the Tor community include:
- Torbutton: Torbutton is a 1-click way for Firefox users to enable or disable Tor in Firefox.
- Vidalia: Vidalia is a graphical way to control and view Tor’s connections and settings.
- Tor Browser: Tor Browser contains everything you need to safely browse the Internet.
It is important to configure the Tor software to enable it to work as expected. The below extract is from the Tor site on configuring the Tor software for best use.
…then please don’t just install it and go on. You need to change some of your habits, and reconfigure your software! Tor by itself is NOT all you need to maintain your anonymity. There are several major pitfalls to watch out for:
- Tor only protects Internet applications that are configured to send their traffic through Tor — it doesn’t magically anonymize all your traffic just because you install it. We recommend you use Firefox with the Torbutton extension.
- Torbutton blocks browser plugins such as Java, Flash, ActiveX, RealPlayer, Quicktime, Adobe’s PDF plugin, and others: they can be manipulated into revealing your IP address. For example, that means Youtube is disabled. If you really need your Youtube, you can reconfigure Torbutton to allow it; but be aware that you’re opening yourself up to potential attack. Also, extensions like Google toolbar look up more information about the websites you type in: they may bypass Tor and/or broadcast sensitive information. Some people prefer using two browsers (one for Tor, one for non-Tor browsing).
- Beware of cookies: if you ever browse without Tor and a site gives you a cookie, that cookie could identify you even when you start using Tor again. Torbutton tries to handle your cookies safely. CookieCuller can help protect any cookies you do not want to lose.
- Tor anonymizes the origin of your traffic, and it encrypts everything between you and the Tor network and everything inside the Tor network, but it can’t encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet — use HTTPS or other end-to-end encryption and authentication. HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.
- While Tor blocks attackers on your local network from discovering or influencing your destination, it opens new risks: malicious or misconfigured Tor exit nodes can send you the wrong page, or even send you embedded Java applets disguised as domains you trust. Be careful opening documents or applications you download through Tor, unless you’ve verified their integrity.
- Tor tries to prevent attackers from learning what destinations you connect to. It doesn’t prevent somebody watching your traffic from learning that you’re using Tor. You can mitigate (but not fully resolve) the risk by using a Tor bridge relay rather than connecting directly to the public Tor network, but ultimately the best protection here is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them.
Be smart and learn more. Understand what Tor does and does not offer. This list of pitfalls isn’t complete, and we need your help identifying and documenting all the issues.
Enjoy safe browsing online. Share your thoughts on how you have used for anonymity.