
Saturday, 07 July 2018


Tor is free software for enabling anonymous communication. The name is derived from the acronym of the original software project name, "The Onion Router". Tor directs Internet traffic through a free, worldwide, volunteer overlay network of more than seven thousand relays to hide the user's location and usage from anyone doing network monitoring or traffic analysis. Using Tor makes it more difficult to trace Internet activity back to the user: this includes "visits to websites, online posts, instant messages, and other forms of communication". Tor's intended use is to protect the personal privacy of its users, as well as their freedom and ability to communicate confidentially, by keeping their Internet activity from being monitored.

Tor does not prevent an online service from determining that it is being accessed through Tor. Tor protects user privacy, but does not hide the fact that someone is using Tor. Some websites restrict what can be done through Tor. For example, the MediaWiki TorBlock extension automatically limits edits made through Tor, although Wikipedia allows some limited editing in exceptional circumstances.

Onion routing is implemented by encryption in the application layer of the communication protocol stack, nested like the layers of an onion. Tor encrypts the data, including the destination IP address of the next node, several times and sends it through a virtual circuit made up of successive, randomly selected Tor relays. Each relay decrypts one layer of encryption to reveal the next relay in the circuit and passes the remaining encrypted data on to it. The last relay decrypts the innermost layer and sends the original data to its destination without revealing or knowing the source IP address. Because the routing of the communication is partly hidden at every hop of the Tor circuit, this method eliminates any single point at which the communicating peers can be determined through network surveillance that depends on knowing both the source and the destination.
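The layering described above, as an added example that is not Tor's code or part of the original page: three constructed relays each remove one authenticated layer and learn only the previous and next hop. The cipher is a toy HMAC-SHA256 keystream chosen to keep the example in the standard library; the relay names, `CLIENT`, `DESTINATION` and the per-message next-hop header are assumptions made for illustration.

```python
import hashlib
import hmac
import os

CLIENT = "client.invalid"                 # constructed names, not real hosts
DESTINATION = "destination.invalid:443"


def subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one per-hop key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add one layer: nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    stream = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key: bytes, blob: bytes) -> bytes:
    """Remove one layer, rejecting anything modified in transit."""
    if len(blob) < 48:
        raise ValueError("layer too short")
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed")
    stream = keystream(subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def wrap(path, destination: str, payload: bytes) -> bytes:
    """Client side: encrypt innermost layer first (exit), outermost last (entry)."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    blob = payload
    for (_, key), nxt in zip(reversed(path), reversed(next_hops)):
        hop = nxt.encode()
        blob = seal(key, len(hop).to_bytes(2, "big") + hop + blob)
    return blob


def peel(key: bytes, blob: bytes):
    """Relay side: decrypt one layer, returning (next hop, remaining data)."""
    plain = unseal(key, blob)
    n = int.from_bytes(plain[:2], "big")
    return plain[2:2 + n].decode(), plain[2 + n:]


def route(client: str, path, onion: bytes):
    """Pass the onion along the circuit and record what each relay can see."""
    views, previous, blob = [], client, onion
    for name, key in path:
        nxt, blob = peel(key, blob)
        views.append({"relay": name, "from": previous, "to": nxt})
        previous = name
    return views, blob


def build_demo_path():
    """Three constructed relays with fresh random per-hop keys."""
    return [(name, os.urandom(32)) for name in ("entry", "middle", "exit")]


def demo():
    path = build_demo_path()
    onion = wrap(path, DESTINATION, b"GET / HTTP/1.1")
    views, delivered = route(CLIENT, path, onion)
    return onion, views, delivered


if __name__ == "__main__":
    _, views, delivered = demo()
    for view in views:
        print(view)
    print(delivered)
```

Only the entry relay sees the client address and only the exit relay sees the destination and the cleartext payload, which is why the exit position matters for traffic that is not itself encrypted end to end.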

An adversary may try to de-anonymize the user by some means. One way this can be achieved is by exploiting vulnerable software on the user's computer. The NSA had a technique that targeted a vulnerability, which it codenamed "EgotisticalGiraffe", in an outdated version of the Firefox browser that was at one time bundled with the Tor package and, in general, targets Tor users for close monitoring under its XKeyscore program. Attacks against Tor are an active area of academic research, which is welcomed by the Tor Project itself. Most of the funding for Tor's development has come from the federal government of the United States, originally through the Office of Naval Research and DARPA.





History

Tor's core principle, "onion routing", was developed in the mid-1990s by employees of the US Naval Research Laboratory, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, with the aim of protecting US intelligence communications online. Onion routing was further developed by DARPA in 1997.

The alpha version of Tor, developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson and then called The Onion Routing project, or TOR project, was launched on September 20, 2002. The first public release took place a year later. On August 13, 2004, Syverson, Dingledine, and Mathewson presented "Tor: The Second-Generation Onion Router" at the 13th USENIX Security Symposium. In 2004, the Naval Research Laboratory released the code for Tor under a free license, and the Electronic Frontier Foundation (EFF) began funding Dingledine and Mathewson to continue its development.

In December 2006, Dingledine, Mathewson, and five others founded The Tor Project, a Massachusetts-based 501(c)(3) research-education nonprofit organization responsible for maintaining Tor. The EFF acted as The Tor Project's fiscal sponsor in its early years, and the initial financial supporters of The Tor Project included the U.S. International Broadcasting Bureau, Internews, Human Rights Watch, Cambridge University, Google, and Netherlands-based Stichting NLnet.

From this period onward, most of the funding came from the US government.

In November 2014 there was speculation in the aftermath of Operation Onymous that a weakness in Tor had been exploited. A representative of Europol was secretive about the method used, saying: "This is something we want to keep for ourselves. We do this, we cannot share with the whole world, because we want to do it again and again and again." A BBC source cited "technical breakthroughs" that enabled tracking of the physical location of servers, and the number of sites that police initially claimed to have infiltrated led to speculation that a weakness in the Tor network had been exploited. Andrew Lewman, a representative of the nonprofit Tor project, downplayed this possibility, suggesting that more traditional police work was more likely. However, in November 2015 court documents on the matter raised serious concerns about security research ethics and Fourth Amendment issues.

In December 2015, The Tor Project announced that it had hired Shari Steele as its new executive director. Steele had previously led the Electronic Frontier Foundation for 15 years, and in 2004 spearheaded the EFF's decision to fund Tor's early development. One of her main goals is to make Tor more user-friendly in order to bring wider access to anonymous web browsing.

In July 2016, the full board of the Tor Project resigned and announced a new board, comprising Matt Blaze, Cindy Cohn, Gabriella Coleman, Linus Nordberg, Megan Price, and Bruce Schneier.




Usage

Tor allows its users to surf the Internet, chat and send instant messages anonymously, and is used by a wide range of people for both legitimate and illicit purposes. Tor has, for example, been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously; likewise, agencies within the US government variously fund Tor (the US State Department, the National Science Foundation, and, through the Broadcasting Board of Governors, which itself partly funded Tor until October 2012, Radio Free Asia) and seek to subvert it.

Tor is not meant to solve the problem of anonymity on the web. Tor is not designed to erase tracks completely but to reduce the likelihood that sites can trace actions and data back to the user.

Tor is also used for illegal activities, for example, to gain access to censored information, to organize political activities, or to circumvent laws against criticism of heads of state.

Tor has been described by The Economist, in relation to Bitcoin and Silk Road, as "the dark corners of the web". It has been targeted by the American National Security Agency and the British GCHQ signals intelligence agencies, albeit with marginal success, and more successfully by the British National Crime Agency in Operation Notarise. At the same time, GCHQ has used a tool called "Shadowcat" for "end-to-end encrypted access to VPS via SSH using TOR networks". Tor can be used for anonymous defamation, unauthorized leaks of sensitive information, copyright infringement, distribution of illegal sexual content, the sale of controlled substances, weapons, and stolen credit card numbers, money laundering, bank fraud, credit card fraud, identity theft and the exchange of counterfeit currency; the black market uses Tor's infrastructure, at least in part, along with Bitcoin. It has also been used to brick IoT devices.

In its complaint against Ross William Ulbricht of Silk Road, the US Federal Bureau of Investigation acknowledged that Tor had "legitimate use". According to CNET, Tor's anonymity function is "supported by the Electronic Frontier Foundation (EFF) and other civil liberties groups as a method for reporters and human rights workers to communicate with journalists". The EFF's Surveillance Self-Defense guide includes a description of where Tor fits in a larger strategy for protecting privacy and anonymity.

In 2014, the EFF's Eva Galperin told BusinessWeek magazine that "The biggest problem of Tor is tap. No one hears about that time someone is not being followed by their perpetrators, they hear how someone escaped by downloading child porn."

The Tor Project states that Tor users include "normal people" who want to keep their Internet activity private from websites and advertisers, people who are worried about cyber-spying, and users who are evading censorship, such as activists, journalists, and military professionals. As of November 2013, Tor had about four million users. According to the Wall Street Journal, in 2012 about 14% of Tor traffic connected from the United States, with people in "internet censorship countries" as the second-largest user base. Tor is increasingly used by victims of domestic violence and by the social workers and agencies that assist them, although shelter workers may or may not have had professional training on cyber-security matters. Properly deployed, however, it hinders digital stalking, which has increased due to the prevalence of digital media in contemporary online life. Together with SecureDrop, Tor is used by news organizations such as The Guardian, The New Yorker, ProPublica and The Intercept to protect the privacy of whistleblowers.

In March 2015, the Parliamentary Office of Science and Technology released a briefing stating that "There is widespread agreement that banning the online anonymity system is not at all seen as an acceptable policy option in the UK" and that "Even if it exists, there will be technical challenges." The report further noted that Tor "played only a minor role in the online display and distribution of indecent children's drawings" (in part because of its latency); its use by the Internet Watch Foundation, the utility of its hidden services for whistleblowers, and its circumvention of the Great Firewall of China were also mentioned.

Tor executive director Andrew Lewman also said in August 2014 that agents of the NSA and GCHQ had anonymously provided Tor with bug reports.

The Tor Project's FAQ offers supporting reasons for the EFF's endorsement:

Criminals can do bad things. Since they are willing to break the law, they already have many options available that provide better privacy than the one provided by Tor....

Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy now, and we have to fix it.... So yes, the criminals can theoretically use Tor, but they already have better choices, and it seems unlikely that taking Tor off the world will stop them from doing their bad things. At the same time, Tor and other privacy actions can fight identity theft, physical crimes like stalking, and so on.




Operation

Tor aims to hide the identities of its users and their online activity from surveillance and traffic analysis by separating identification from routing. It is an implementation of onion routing, which encrypts communications and then bounces them randomly through a network of relays run by volunteers around the world. These onion routers use encryption in a multi-layered manner (hence the onion metaphor) to ensure perfect forward secrecy between relays, thereby giving the user anonymity of network location. That anonymity extends to the hosting of censorship-resistant content through Tor's anonymous hidden service feature. Furthermore, by keeping some of the entry relays (bridge relays) secret, users can evade Internet censorship that relies on blocking public Tor relays.

Because the IP addresses of the sender and the recipient are not both in cleartext at any hop along the path, anyone eavesdropping at any point along the communication channel cannot directly identify both ends. Furthermore, to the recipient it appears that the last Tor node (called the exit node), rather than the sender, is the originator of the communication.

Originating traffic

A Tor user's SOCKS-aware applications can be configured to direct their network traffic through a Tor instance's SOCKS interface. Tor periodically creates virtual circuits through the Tor network, through which it can multiplex and onion-route that traffic to its destination. Once inside the Tor network, the traffic is sent from router to router along the circuit, eventually reaching an exit node, at which point the cleartext packet is available and is forwarded to its original destination. Viewed from the destination, the traffic appears to originate at the Tor exit node.

Tor's application independence sets it apart from most other anonymity networks: it works at the Transmission Control Protocol (TCP) stream level. Applications whose traffic is commonly anonymized using Tor include Internet Relay Chat (IRC), instant messaging, and World Wide Web browsing.

Hidden services

Tor can also provide anonymity to websites and other servers. Servers configured to accept incoming connections only through Tor are called hidden services. Rather than revealing the server's IP address (and thus its network location), a hidden service is accessed through its onion address, usually via the Tor Browser. The Tor network understands these addresses by looking up their corresponding public keys and introduction points in a distributed hash table within the network. It can route data to and from hidden services, even those hosted behind a firewall or network address translator (NAT), while preserving the anonymity of both parties. Tor is required in order to access hidden services.

Hidden services were first specified in 2003 and have been deployed on the Tor network since 2004. Apart from the database that stores hidden service descriptors, Tor is decentralized by design; there is no directly readable list of all hidden services, although a number of hidden services catalog publicly known onion addresses.

Because hidden services do not use exit nodes, the connection to a hidden service is encrypted end-to-end and is not subject to eavesdropping. There are, however, security issues involving Tor's hidden services. For example, services that are reachable both through Tor hidden services and through the public Internet are vulnerable to correlation attacks and thus are not completely hidden. Other pitfalls include misconfigured services (e.g. identifying information included by default in web server error responses), uptime and downtime statistics, intersection attacks, and user error. The open source OnionScan program, written by independent security researcher Sarah Jamie Lewis, comprehensively examines hidden services for various flaws and vulnerabilities. (Lewis has also pioneered the field of onion dildonics, since sex toys can be insecurely connected over the Internet.)

Hidden services can also be accessed from a standard web browser without a client-side connection to the Tor network, using services such as Tor2web. Popular sources of dark web .onion links include Pastebin, Twitter, Reddit, and other Internet forums.

Nyx status monitor

Nyx (formerly ARM) is a command-line status monitor for Tor written in Python. It functions much like top does for system usage, providing real-time statistics for:

  • resource usage (bandwidth, CPU, and memory usage)
  • general relay information (nickname, fingerprint, flags, or/dir/controlports)
  • event log with optional filtering and deduplication
  • connections correlated against Tor's consensus data (IP, connection type, relay details, etc.)
  • torrc configuration file with syntax highlighting and validation

Most of Nyx's attributes can be configured through an optional armrc configuration file. It runs on any platform supported by curses, including Linux, macOS, and other Unix-like variants.

The project started in the summer of 2009, and since July 18, 2010 it has been an official part of the Tor Project. It is free software, available under the GNU General Public License.



Weaknesses

Like all current low-latency anonymity networks, Tor cannot and does not attempt to protect against monitoring of traffic at the boundaries of the Tor network (i.e., the traffic entering and exiting the network). Although Tor does provide protection against traffic analysis, it cannot prevent traffic confirmation (also called end-to-end correlation).

Despite the known weaknesses and attacks listed here, a 2009 study revealed that Tor and the alternative network system JonDonym (Java Anon Proxy, JAP) are considered more resilient to website fingerprinting techniques than other tunneling protocols.

The reason for this is that conventional single-hop VPN protocols do not need to reconstruct packet data nearly as much as multi-hop services like Tor or JonDonym. Website fingerprinting yielded more than 90% accuracy in identifying HTTP packets on conventional VPN protocols, versus Tor, which yielded only 2.96% accuracy. However, some protocols such as OpenSSH and OpenVPN required a large amount of data before HTTP packets were identified.

Researchers from the University of Michigan developed a network scanner that allowed identification of 86% of live Tor "bridges" with a single scan.

Eavesdropping

Autonomous system (AS) eavesdropping

If an autonomous system (AS) exists on both path segments, from the client to the entry relay and from the exit relay to the destination, such an AS can statistically correlate the traffic on the entry and exit segments of the path and potentially infer the destination with which the client communicated. In 2012, LASTor proposed a method for predicting a set of potential ASes on these two segments and then avoiding this path during the client-side path selection algorithm. In this paper, they also improve latency by choosing shorter geographic paths between the client and the destination.

Exit node eavesdropping

In September 2007, Dan Egerstad, a Swedish security consultant, revealed he had intercepted a username and password for an e-mail account by operating and monitoring Tor exit nodes. Because Tor cannot encrypt the traffic between an exit node and the target server, any exit node is in a position to capture traffic passing through it that does not use end-to-end encryption such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS). While this does not inherently breach the anonymity of the source, traffic intercepted in this way by self-selected third parties may expose information about the source in the payload, the protocol data, or both. Furthermore, Egerstad was circumspect about the possible subversion of Tor by intelligence agencies:

"If you really see where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host as they use a lot of bandwidth, they're heavy duty servers and so on. pay for this and be anonymous?"

In October 2011, a team of researchers from ESIEA claimed to have found a way to compromise the Tor network by decrypting communications passing over it. The technique they describe requires creating a map of Tor network nodes, controlling a third of them, and then acquiring their encryption keys and algorithm seeds. Then, using these known keys and seeds, they claim the ability to decrypt two of the three encryption layers. They claim to break the third key with a statistics-based attack. To redirect Tor traffic to the nodes they control, they used a denial-of-service attack. A response to this claim was published on the official Tor Blog, stating that rumors of Tor's compromise are greatly exaggerated.

Traffic analysis attacks

There are two methods of traffic-analysis attack, passive and active. In the passive traffic-analysis method, the attacker extracts features from the traffic of a specific flow on one side of the network and looks for those features on the other side of the network. In the active traffic-analysis method, the attacker alters the timing of the packets of a flow according to a specific pattern and looks for that pattern on the other side of the network; the attacker can therefore link the flow on one side of the network to the flow on the other side and break its anonymity. It has been shown that, even though timing noise is added to the packets, there are active traffic-analysis methods that are robust against such noise.

Steven J. Murdoch and George Danezis of the University of Cambridge presented an article at the 2005 IEEE Symposium on Security and Privacy on traffic-analysis techniques that allow an adversary with only a partial view of the network to infer which nodes are being used to relay the anonymous streams. These techniques greatly reduce the anonymity provided by Tor. Murdoch and Danezis have also shown that otherwise unrelated streams can be linked back to the same initiator. This attack, however, fails to reveal the identity of the original user. Murdoch has been working with and has been funded by Tor since 2006.

Tor exit node block

Operators of Internet sites have the ability to block traffic from Tor exit nodes or to offer reduced functionality to Tor users. For example, it is generally not possible to edit Wikipedia when using Tor, or when using an IP address that is also used by a Tor exit node, due to the use of the TorBlock MediaWiki extension, unless an exception is obtained. The BBC blocks the IP addresses of all known Tor guards and exit nodes from its iPlayer service, but relays and bridges are not blocked.
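One way a site operator could implement the reduced-functionality policy described above, as an added example that is not the TorBlock extension's code or part of the original page: requests from listed exit addresses stay readable, writes are refused unless the account holds an exception. The one-address-per-line list format, the sample log lines, the paths and the `EXEMPT_USERS` set are constructed assumptions, and all addresses come from documentation ranges.

```python
import ipaddress
import re

# Constructed exit list, one address per line; malformed lines must be skipped.
SAMPLE_EXIT_LIST = """\
# constructed sample, documentation address ranges only
192.0.2.10
198.51.100.77
2001:db8::5
not-an-address
"""

# Constructed access-log lines (common log format, user name in field 3).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jul/2018:10:00:01 +0000] "GET /wiki/Tor HTTP/1.1" 200 5120',
    '192.0.2.10 - - [07/Jul/2018:10:00:09 +0000] "POST /w/index.php?action=submit HTTP/1.1" 200 310',
    '::ffff:198.51.100.77 - alice [07/Jul/2018:10:01:30 +0000] "POST /w/index.php?action=submit HTTP/1.1" 200 290',
    '203.0.113.4 - - [07/Jul/2018:10:02:00 +0000] "POST /w/index.php?action=submit HTTP/1.1" 200 300',
    '2001:db8::5 - bob [07/Jul/2018:10:03:00 +0000] "POST /w/index.php?action=submit HTTP/1.1" 200 300',
]

EXEMPT_USERS = {"alice"}  # hypothetical accounts that were granted an exception

LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "([A-Z]+) (\S+)')
READ_METHODS = {"GET", "HEAD", "OPTIONS"}


def normalize(ip_text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) back to IPv4."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def load_exit_list(text):
    """Return the set of exit addresses, ignoring comments and bad lines."""
    exits = set()
    for line in text.splitlines():
        ip = normalize(line.split("#", 1)[0].strip())
        if ip is not None:
            exits.add(ip)
    return exits


def decide(ip_text, method, user, exits, exempt_users):
    """Policy: exits may read; writes need an exempt, authenticated account."""
    ip = normalize(ip_text)
    if ip is None:
        return "reject-malformed"
    if ip not in exits:
        return "allow"
    if method in READ_METHODS:
        return "read-only"
    if user in exempt_users:
        return "allow-exempt"
    return "deny-write"


def audit(log_lines, exits, exempt_users):
    """Apply the policy to each log line; returns (ip, method, decision)."""
    results = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            results.append((None, None, "unparsed"))
            continue
        ip_text, user, method, _path = match.groups()
        results.append((ip_text, method, decide(ip_text, method, user, exits, exempt_users)))
    return results


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, load_exit_list(SAMPLE_EXIT_LIST), EXEMPT_USERS):
        print(row)
```

Without the IPv4-mapped normalization, the third sample request would not match its list entry on a dual-stack listener and would be treated as ordinary traffic.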

Bad apple attacks

In March 2011, researchers with the Rocquencourt French Institute for Research in Computer Science and Automation (Institut national de recherche en informatique et en automatique, INRIA) documented an attack capable of revealing the IP addresses of BitTorrent users on the Tor network. The "bad apple attack" exploits Tor's design and takes advantage of insecure application use to associate the simultaneous use of a secure application with the IP address of the Tor user in question. One method of attack depends on control of an exit node or on hijacking tracker responses, while a secondary attack method is based in part on the statistical exploitation of distributed hash table tracking. According to the study:

The results presented in the bad apple attack research paper are based on an attack in the wild that was launched against the Tor network by the authors of the study. The attack targeted six exit nodes, lasted for twenty-three days, and revealed a total of 10,000 IP addresses of active Tor users. This study is significant because it is the first documented attack designed to target P2P file-sharing applications on Tor. BitTorrent may generate as much as 40% of all traffic on Tor. Furthermore, the bad apple attack is effective against insecure use of any application over Tor, not just BitTorrent.

Some protocols expose IP addresses

Researchers from the French Institute for Research in Computer Science and Automation (INRIA) showed that the Tor dissimulation technique in BitTorrent can be bypassed by attackers who control a Tor exit node. The study was conducted by monitoring six exit nodes for a period of twenty-three days. The study used three attack vectors:

Inspection of BitTorrent control messages
Tracker announces and extension protocol handshakes may optionally contain the client's IP address. Analysis of the collected data indicated that 35% and 33% of the messages, respectively, contained the client's address.
Hijacking trackers' responses
Due to the lack of encryption or authentication in communication between trackers and peers, a typical man-in-the-middle attack allows an attacker to determine peer IP addresses and even verify the distribution of content. Such attacks work when Tor is used only for tracker communication.
Exploiting distributed hash tables (DHT)
This attack exploits the fact that distributed hash table (DHT) connections through Tor are not possible, so the attacker can reveal a target's IP address by looking it up in the DHT even if the target uses Tor to connect to other peers.

With this technique, the researchers were able to identify other streams initiated by users whose IP addresses had been revealed.

Sniper attack

Jansen et al. describe a DDoS attack targeted at the Tor node software, as well as defenses against that attack and its variants. The attack works using a colluding client and server, and fills the queues of the exit node until the node runs out of memory and hence can serve no other (genuine) clients. By attacking a large proportion of the exit nodes in this way, an attacker can degrade the network and increase the chance of targets using nodes controlled by the attacker.

Heartbleed bug

The Heartbleed OpenSSL bug disrupted the Tor network for several days in April 2014 while private keys were renewed. The Tor Project recommended that Tor relay operators and hidden service operators revoke their keys and generate new ones after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor's multi-hop design minimizes the impact of exploiting a single relay. 586 relays later found to be vulnerable to the Heartbleed bug were taken offline as a precaution.

Mouse fingerprinting

In March 2016 a Barcelona-based security researcher demonstrated laboratory techniques using time measurement via JavaScript at the 1-millisecond level that could potentially identify and correlate a user's unique mouse movements, provided the user had visited the same "fingerprinting" website with both the Tor browser and a regular browser. This proof of concept exploits the "time measurement via JavaScript" issue, which had been an open ticket at the Tor Project for ten months.

Circuit fingerprinting attack

In 2015, the administrators of Agora, a black market, announced that they were taking the site offline in response to a newly discovered security vulnerability in Tor. They did not say what the vulnerability was, but Wired speculated that it was the "Circuit Fingerprinting Attack" presented at the USENIX security conference.

Volume information

A study shows "anonymization solutions only partially protect against targeted selection that can lead to efficient oversight" because it usually "does not hide the volume information required to target targets".



Implementations

Tor's main implementation is written primarily in C, along with Python, JavaScript, and several other programming languages, and consists of 540,751 lines of code as of March 2016.

Tor Browser

Tor Browser, formerly known as Tor Browser Bundle (TBB), is the flagship product of the Tor Project. It consists of a modified Mozilla Firefox ESR web browser, the TorButton, TorLauncher, NoScript, and HTTPS Everywhere Firefox extensions, and the Tor proxy. Users can run Tor Browser from removable media. It can operate under Microsoft Windows, macOS, or Linux.

Tor Browser automatically starts the Tor background process and routes traffic through the Tor network. When a session ends, the browser deletes privacy-sensitive data such as HTTP cookies and the browsing history.

Following a series of disclosures on global surveillance, Stuart Dredge (writing in The Guardian in November 2013) recommended using Tor Browser to avoid eavesdropping and retain privacy on the Internet.

Firefox/JavaScript anonymity attack

In August 2013, it was discovered that the Firefox browsers in many versions of the Tor Browser Bundle were vulnerable to a JavaScript attack, since NoScript was not enabled by default. Attackers used this vulnerability to extract users' MAC and IP addresses and Windows computer names. News reports linked this to a US Federal Bureau of Investigation (FBI) operation targeting the owner of Freedom Hosting, Eric Eoin Marques, who was arrested on a provisional extradition warrant issued by a US court on July 29. The FBI sought to extradite Marques from Ireland to Maryland on four counts: distributing, conspiring to distribute, and advertising child pornography, as well as aiding and abetting the advertising of child pornography. The warrant alleges that Marques is "the greatest child pornography facilitator on the planet". The FBI acknowledged the attack in a September 12, 2013 court filing in Dublin; further technical details from a training presentation leaked by Edward Snowden revealed the codename of the exploit as "EgotisticalGiraffe".

The FBI, in Operation Torpedo, has targeted Tor hidden servers since 2012, as in the case of Aaron McGrath, who was sentenced to 20 years for running three hidden Tor servers containing child pornography.

Tor Messenger

On October 29, 2015, the Tor Project released Tor Messenger Beta, an instant messaging program based on Instantbird with Tor and OTR built in and used by default. Like Pidgin and Adium, Tor Messenger supports several different instant messaging protocols; however, it accomplishes this without relying on libpurple, implementing all chat protocols in the memory-safe language JavaScript instead.

In April 2018, the Tor Project shut down the messenger project because the developers of Instantbird discontinued support for their own software.

Third-party apps

The Vuze (formerly Azureus) BitTorrent client, the Bitmessage anonymous messaging system, and the TorChat instant messenger include Tor support.

The Guardian Project is actively developing a suite of free and open source applications and firmware for the Android operating system to improve the security of mobile communications. The applications include the ChatSecure instant messaging client, the Orbot Tor implementation, the Orweb (discontinued) privacy-enhanced mobile browser, Orfox, the mobile counterpart of Tor Browser, the ProxyMob Firefox add-on, and ObscuraCam.

Security-focused operating systems

Several security-focused operating systems, such as the GNU/Linux distributions Hardened Linux From Scratch, Incognito, Liberté Linux, Qubes OS, Subgraph, Tails, Tor-ramdisk, and Whonix, make extensive use of Tor.



Advocates for Tor say it supports freedom of expression, including in countries where the Internet is censored, by protecting the privacy and anonymity of users. The mathematical underpinnings of Tor have led it to be characterized as acting "like infrastructure, and the government naturally fell into paying for the infrastructure they wanted to use".

The project was originally developed on behalf of the US intelligence community and continues to receive US government funding, and it has been criticized as "more like a spy project than a tool designed by a culture that values accountability or transparency". In 2012, 80% of The Tor Project's $2M annual budget came from the United States government, with the US Department of State, the Broadcasting Board of Governors, and the National Science Foundation as the main contributors, aiming "to help democracy advocates in authoritarian states". Other public funding sources include DARPA, the US Naval Research Laboratory, and the Swedish Government. Some have suggested that the government values Tor's commitment to free speech, and uses the darknet to gather intelligence. Tor also receives funds from NGOs including Human Rights Watch, and private sponsors including Reddit and Google. Dingledine said that the United States Department of Defense funds are more similar to a research grant than a procurement contract. Tor executive director Andrew Lewman said that despite receiving funding from the US federal government, the Tor service did not collaborate with the NSA to disclose the identities of users.

Critics say that Tor is not as secure as it claims, pointing to US law enforcement investigations and shutdowns of sites using Tor, such as the web hosting company Freedom Hosting and the online marketplace Silk Road. In October 2013, after analyzing documents leaked by Edward Snowden, The Guardian reported that the NSA had repeatedly tried to crack Tor and had failed to break its core security, although it had succeeded in attacking the computers of individual Tor users. The Guardian also published a classified 2012 NSA slide deck, titled "Tor Stinks", which said: "We will never be able to de-anonymize all Tor users all the time", but "with manual analysis we can de-anonymize a small portion of Tor users". When Tor users are caught, it is usually due to human error, not because the core technology was hacked or cracked. On November 7, 2014, for example, a joint operation by the FBI, ICE Homeland Security investigations and European law enforcement agencies led to 17 arrests and the seizure of 27 sites containing 400 pages. A late 2014 report by Der Spiegel using a new cache of Snowden leaks revealed, however, that in 2012 the NSA regarded Tor as a "major threat" to its mission, and that when used in conjunction with other privacy tools such as OTR, Cspace, ZRTP, RedPhone, Tails, and TrueCrypt it was ranked as "major disasters", leading to "total loss/lack of insight for target communication, presence..."

In March 2011, The Tor Project received the Free Software Foundation's 2010 Award for Projects of Social Benefit. The citation read, "Using free software, Tor has enabled about 36 million people worldwide to experience freedom of access and expression on the Internet while keeping them in control of privacy and anonymity. The network has proven to be very important in dissident movements in both countries. Egypt recently."

In 2012, Foreign Policy magazine named Dingledine, Mathewson, and Syverson among its Top 100 Global Thinkers "to make the web safe for whistleblowers".

In 2013, Jacob Appelbaum described Tor as "part of a software ecosystem that helps people regain and reclaim their autonomy. This helps to enable people to have different bodies, it helps others to help each other and help you to help This is running, open and supported by a large community spread across all levels of society."

In June 2013, whistleblower Edward Snowden used Tor to send information about PRISM to The Washington Post and The Guardian.

In 2014, the Russian government offered a $111,000 contract to "study the possibility of obtaining technical information about users and user equipment on an anonymous Tor network".

In October 2014, The Tor Project hired the Thomson Communications public relations firm to improve its public image (especially regarding the terms "Dark Net" and "hidden services," which are widely viewed as problematic) and to educate journalists about the technical aspects of Tor.

In June 2015, the special rapporteur of the Office of the High Commissioner for Human Rights of the United Nations specifically mentioned Tor in the context of a US debate about allowing so-called backdoors in encryption programs for law enforcement purposes in interviews for The Washington Post.

In July 2015, the Tor Project announced an alliance with the Library Freedom Project to establish exit nodes in public libraries. The pilot program, which established a middle relay running on the surplus bandwidth provided by the Kilton Library in Lebanon, New Hampshire, making it the first US library to host a Tor node, was briefly put on hold when the local city manager and deputy sheriff voiced concern over the cost of defending search warrants for information passed through the Tor exit node. Although the US Department of Homeland Security had alerted New Hampshire authorities to the fact that Tor is sometimes used by criminals, the Lebanon Deputy Chief of Police and the Deputy City Manager affirmed that no pressure to strong-arm the library was applied, and the service was re-established on September 15, 2015. US Rep. Zoe Lofgren (D-Calif) released a letter on December 10, 2015, in which she requested the DHS DHS employees suppress or persuade public and private entities to stop or decrease services that protect the privacy and anonymity of US citizens." In a 2016 interview, Kilton Library IT Manager Chuck McAndrew stressed the importance of engaging libraries with Tor: "Librarians always care deeply about protecting privacy, intellectual freedom, and access to information (freedom to read). Surveillance has a very well documented chilling effect on intellectual freedom. It is the duty of librarians to remove barriers to information." The second library to host a Tor node was the Las Naves Public Library in Valencia, Spain, where it was set up in the first months of 2016.

In August 2015, IBM's security research group, called "X-Force", issued a quarterly report that advised companies to block Tor on security grounds, citing "steady improvements" in attacks from Tor exit nodes and botnet traffic.

In September 2015, Luke Millanta developed and released OnionView, a web service that plots the location of active Tor relay nodes on an interactive world map. The objective of the project was to detail the size of the network and its increasing rate of growth.

In December 2015, Daniel Ellsberg (of the Pentagon Papers), Cory Doctorow (of Boing Boing), Snowden, and activist Molly Crabapple, among others, announced their support for Tor.

In March 2016, New Hampshire state representative Keith Ammon introduced a bill allowing public libraries to run privacy software. The bill specifically refers to Tor. The text was drafted with extensive input from Alison Macrina, director of the Library Freedom Project. The bill passed the House of Representatives 268-62.

Also in March 2016, the first Tor node, specifically a middle relay, was established at a Canadian library, the Graduate Resource Center (GRC) at the FIMS at the University of Western Ontario. Given that running a Tor exit node is an unsettled area of Canadian law, and that in general institutions are more capable than individuals of coping with legal pressure, Alison Macrina of the Library Freedom Project has said that in some ways she would like to see intelligence agencies and law enforcement attempt to intervene if an exit node were established.

On May 16, 2016, CNN reported on the case of core Tor developer Isis Agora Lovecruft, who had fled to Germany under threat of an FBI summons during the previous year's Thanksgiving break. Lovecruft has legal representation from the Electronic Frontier Foundation.

On December 2, 2016, The New Yorker reported an increase in digital privacy and security workshops in the San Francisco Bay Area, particularly at the hackerspace Noisebridge, in the wake of the 2016 United States presidential election; downloading the Tor browser was mentioned. Also in December 2016, Turkey blocked the use of Tor, along with ten of the most used VPN services in Turkey, which were popular ways to access banned social media sites and services.

Tor (and Bitcoin) was essential to the operation of the AlphaBay black market, which was taken down in an international law enforcement operation in July 2017. Despite federal claims that Tor will not protect you, however, it was basic operational security faults outside the ambit of the Tor network that caused the site's downfall.

In June 2017, American Social Democrats recommended the use of alternate Tor. [1] In August 2017, according to reportage, cybersecurity companies specializing in monitoring and researching the dark web (which relies on Tor as its infrastructure) on behalf of banks and retailers routinely share their findings with the FBI and with other law enforcement agencies "whenever possible and need" regarding illegal content. The Russian-speaking underground offering a crime-as-a-service model is considered very powerful.


Enhanced security

Tor responded to the earlier vulnerabilities listed above by patching them and improving security. One way or another, human (user) error can still lead to detection. The Tor Project website provides best practices (hints) on how to use the Tor browser correctly. When not properly used, Tor is not secure. For example, Tor warns its users that not all traffic is protected; only the traffic routed through the Tor browser is protected. Users are also warned to use HTTPS versions of websites, not to torrent with Tor, not to enable browser plugins, not to open documents downloaded via Tor while online, and to use secure bridges. Users are also warned that they cannot provide their names or other revealing information in web forums over Tor and remain anonymous at the same time.

Despite intelligence agencies' claims in 2013 that 80% of Tor users would be de-anonymized within 6 months, that still has not happened. In fact, as of September 2016, the FBI could not locate, de-anonymize and identify the Tor users who hacked into staff email accounts on Hillary Clinton's email servers.

The best tactic of law enforcement agencies for de-anonymizing users still appears to be Tor-relay adversaries running poisoned nodes, together with relying on users themselves using the Tor browser improperly. For example, downloading a video through the Tor browser and then opening the same file on an unprotected hard drive while online can make the user's real IP address available to the authorities.

Possible detection

When Tor is used correctly, the odds of being de-anonymized through it are said to be very low. One of the founders of the Tor project, Nick Mathewson, recently explained that the problem of "Tor-relay adversaries" running poisoned nodes means that a theoretical adversary of this kind is not the network's greatest threat:

"No enemy is truly global, but no enemy needs to be truly global," he said. "Eavesdropping across the Internet is a matter of several billion dollars. Running multiple computers to eavesdrop on a lot of traffic, selective denial of service attacks to drive traffic to your computer, it's like a tens-of-thousands-of-dollars problem." At the most basic level, an attacker running two poisoned Tor nodes - one entry, one exit - can analyze traffic and thus identify the small, unlucky percentage of users whose circuit happens to cross both nodes. The Tor network currently offers, from a total of about 7,000 relays, about 2,000 guard (entry) nodes and about 1,000 exit nodes. So the probability of such an event occurring is one in two million (1/2000 x 1/1000), give or take.
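The one-in-two-million figure is a per-circuit estimate. The following added example (not part of the original article; the function names are illustrative) reproduces it under the text's simplification of uniform, independent relay choice and extends it to many circuits, comparing a hypothetical client that re-draws its guard for every circuit with one that keeps a single guard, as Tor clients do with entry guards.

```python
"""Added example: odds that a Tor circuit crosses an adversary's guard and exit."""
from fractions import Fraction
from math import expm1, log1p


def per_circuit_risk(bad_guards, guards, bad_exits, exits):
    """Exact chance that one circuit uses a bad guard AND a bad exit.

    Assumes uniform, independent relay choice (the simplification used in
    the text; real Tor weights relays by bandwidth).
    """
    return Fraction(bad_guards, guards) * Fraction(bad_exits, exits)


def _at_least_once(p, n):
    """1 - (1 - p)**n, computed stably for tiny p and large n."""
    return -expm1(n * log1p(-p)) if p < 1 else 1.0


def risk_rotating_guard(p_guard, p_exit, circuits):
    """Hypothetical client that re-draws guard and exit for every circuit."""
    return _at_least_once(p_guard * p_exit, circuits)


def risk_pinned_guard(p_guard, p_exit, circuits):
    """Client that keeps one guard and re-draws only the exit."""
    return p_guard * _at_least_once(p_exit, circuits)


def exposure_table(bad_guards=1, guards=2000, bad_exits=1, exits=1000,
                   circuit_counts=(1, 1_000, 1_000_000)):
    """Rows of (circuits, rotating-guard risk, pinned-guard risk)."""
    pg, pe = bad_guards / guards, bad_exits / exits
    return [(n, risk_rotating_guard(pg, pe, n), risk_pinned_guard(pg, pe, n))
            for n in circuit_counts]


if __name__ == "__main__":
    print("per circuit:", per_circuit_risk(1, 2000, 1, 1000))
    for n, rot, pin in exposure_table():
        print(f"{n:>9} circuits  rotating={rot:.6f}  pinned={pin:.6f}")
```

With a pinned guard the cumulative risk can never exceed the chance of having picked a bad guard in the first place (1/2000 here), whereas re-drawing both ends on every circuit lets the risk keep growing with use.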

Tor does not provide protection against end-to-end timing attacks: if an attacker can see the traffic coming out of the target computer, and also the traffic arriving at the target's chosen destination (e.g. a server hosting an .onion site), the attacker can use statistical analysis to discover that they are part of the same circuit.

Security level

Depending on the needs of each user, the Tor browser offers three levels of security located under the Onion tab > Security Settings. In addition to encrypting the data and continuously changing the IP address through virtual circuits made up of randomly selected Tor relays, several other security layers are at the disposal of the user:

1. Low (default) - at this security level, all browser features are enabled.

- This level provides the most usable experience, and the lowest level of security.

2. Medium - at this security level, the following changes apply:

- HTML5 video and audio media become click-to-play through NoScript.

- On sites where JavaScript is enabled, performance optimizations are disabled. Scripts on some sites may run more slowly.

- Some mechanisms for displaying math equations are disabled.

- Some font rendering features are disabled.

- JavaScript is disabled by default on all non-HTTPS sites.

3. High - at this security level, these additional changes apply:

- JavaScript is disabled by default on all sites.

- Some image types are disabled.

- Some fonts and icons may be displayed incorrectly.


External links

  • Official website
  • Archived: the official list of mirror websites
  • Animated introduction
  • Tor: Hidden Services and Deanonymisation, presentation at the 31st Chaos Communication Congress
  • TorFlow, dynamic visualization of data flowing in the Tor network
  • Tor onion services: more useful than you think, a 2016 presentation at the 32nd annual Chaos Communication Congress
  • A core developer of Tor teaches at Radboud University Nijmegen in the Netherlands on anonymity systems in 2016
  • Technical presentation given at the University of Waterloo in Canada: Tor Circuit Cryptography: Attacks, Hacks, and Repairs
  • Presentation at the Vancouver BSides Conference, March 2017, on security practices for Tor hidden services, given by Sarah Jamie Lewis

Source of the article : Wikipedia
