{"id":293,"date":"2012-09-27T01:00:00","date_gmt":"2012-09-26T23:00:00","guid":{"rendered":"https:\/\/www.fussylogic.co.uk\/blog\/?p=293"},"modified":"2012-08-31T09:23:59","modified_gmt":"2012-08-31T08:23:59","slug":"getting-started-with-tor","status":"publish","type":"post","link":"https:\/\/www.fussylogic.co.uk\/blog\/?p=293","title":{"rendered":"Getting Started With Tor"},"content":{"rendered":"<p>I\u2019ve heard lots about <a href=\"http:\/\/en.wikipedia.org\/wiki\/Tor_%28anonymity_network%29\">Tor<\/a>, and thought it was about time I learned how to use it. I have no actual use for it; but in the same way I have no emails that are really private and yet still use OpenPGP, I like to know how to use the technology that keeps prying eyes away from me should I need it.<\/p>\n<p>Tor is a so-called onion-router. Its job is to hide the two ends of a connection from each other. This is done by introducing multiple intermediate nodes who only know about the next intermediate. In fact there is no way for any particular node to know if it is talking to an end point or not.<\/p>\n<p>The Tor network is run by volunteers that are willing to pass packets to and fro under instruction from other Tor nodes. They each publish a public key for their node. That list of public keys allows the \u201conion\u201d to be created. At the centre of the onion is the payload: this is the message you want to send. Let\u2019s assume that the endpoint is public, but you want to hide your communication from any observer (like, say, the Chinese government).<\/p>\n<ul>\n<li>Select a random path through the Tor network<\/li>\n<li>Work backwards from the end point.<\/li>\n<li>For each node on the network you create a wrapper. 
That wrapper says where the inner layer should be delivered next.<\/li>\n<li>You encrypt that wrapped package for the target node on the path.<\/li>\n<li>Now you move to the node in the path next closest to you, and repeat. Wrap, encrypt.<\/li>\n<li>And so on.<\/li>\n<\/ul>\n<p>Eventually, you are holding an \u201conion\u201d packet that has been wrapped and encrypted; wrapped and encrypted; wrapped and encrypted and is ready to be delivered to the first node in the path. That node is the only one able to unwrap that \u201cskin\u201d, read the wrapper and see who gets the next layer.<\/p>\n<p>It doesn\u2019t matter who sees the packet, they can\u2019t connect the input to the node to the output from the node and they can\u2019t see where its final destination is. Only the last node (called the exit-node in Tor parlance) gets to see the final destination, and they don\u2019t know where it came from. Assuming the core packet is itself encrypted, then not only is no node able to read the communique, no node knows simultaneously who sent it and who it is addressed to.<\/p>\n<p>The above was a method for hiding access to a publicly known service. What if you want to hide the service as well? In that case, the server runs inside the Tor network. There is no exit node. That means any one of the intermediate nodes could be the destination node. None of the other intermediates know that. Only that destination node can decrypt the packet and see that it is addressed to it.<\/p>\n<p>The target service is therefore identified not by IP address (it wouldn\u2019t be very hidden then) but by a so-called <em>pseudo-domain<\/em>. You will be familiar with normal domains, <code>www.google.com<\/code> translates to an IP address using the DNS network and your computer then connects to that address. 
Tor relies on the client software to understand the <code>.onion<\/code> top-level domain. Of course not all software is Tor-enabled \u2014 you can try typing a <code>.onion<\/code> domain into your browser. You\u2019ll get nothing.<\/p>\n<p>For software that does understand <code>.onion<\/code> domains, rather than querying the DNS system (which maps names to IP addresses), the client software queries the Tor network itself, which knows how to resolve these addresses. The implication is that you need either a plugin or specially customised versions of your clients (like your web browser) to use a hidden Tor service.<\/p>\n<p>Key features of Tor:<\/p>\n<ul>\n<li>You can browse any site without that site knowing your IP address.<\/li>\n<li>You can browse any site without any intermediate (like your ISP, BT, the government) being able to see that you are doing so.<\/li>\n<li>You can browse \u2018hidden services\u2019 who don\u2019t want to reveal their IP address to anyone.<\/li>\n<li>Hidden sites operate a name resolution system outside of the internet standard, DNS. That means those sites cannot be shut down in the normal SOPA\/ACTA\/DMCA\/SIPA\/IWF sense. Your internet connection is yours to do with as you please.<\/li>\n<\/ul>\n<hr \/>\n<p>Here\u2019s what I did on Debian:<\/p>\n<pre><code>$ apt-get install tor\nSetting up tor (0.2.2.35-1) ...\nSomething or somebody made \/var\/run\/tor disappear.\nCreating one for you again.\nRaising maximum number of filedescriptors (ulimit -n) to 32768.\nStarting tor daemon: tor...\nFeb 09 15:39:25.584 [notice] Tor v0.2.2.35 (git-73ff13ab3cc9570d). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)\nFeb 09 15:39:25.585 [notice] Initialized libevent version 2.0.16-stable using method epoll. 
Good.\nFeb 09 15:39:25.586 [notice] Opening Socks listener on 127.0.0.1:9050\nFeb 09 15:39:25.586 [notice] Opening Control listener on \/var\/run\/tor\/control\n<\/code><\/pre>\n<p>Then I went to the <a href=\"https:\/\/check.torproject.org\/\">Tor check page<\/a>, which happily told me that I wasn\u2019t connected using Tor. Which didn\u2019t surprise me, I haven\u2019t told the browser to do anything but connect directly. Similarly, the Tor guide actually says<\/p>\n<blockquote>\n<p>Please note that it is important that you use the browser that comes with the bundle, and not your own browser.<\/p>\n<\/blockquote>\n<p>Tor comes with a pre-configured and modified-for-Tor browser. I\u2019m more a do-it-yourself sort of person though. Debian very nicely packages the Firefox plugin that will take care of the magic for us.<\/p>\n<pre><code>$ apt-get install xul-ext-torbutton\nSetting up xul-ext-torbutton (1.4.5.1-1) ...\n<\/code><\/pre>\n<p>Then restart Firefox, and you will see a new button on the address bar: a little onion with an \u2018X\u2019 on it. Push it, and reconnect to the <a href=\"https:\/\/check.torproject.org\/\">Tor check page<\/a>. This can be considerably slower than your normal browsing experience because the packets are travelling along a far more convoluted path and with considerably more encryption done in between. Eventually though you will get a congratulatory page.<\/p>\n<p>If you were a dissident, you could now breathe a little easier. Your oppressive government can\u2019t watch you. 
They might be able to tell that you\u2019re using Tor (however Tor uses ports 80 and 443, so it\u2019s hard to tell apart from normal encrypted web traffic), but they can\u2019t see what you\u2019re doing or who you\u2019re talking to.<\/p>\n<p>The Tor plugin, Torbutton, is really just an interface to an automatic settings switcher. Torbutton disables leaky features (plugins, etc) and changes your browser proxy to point at the local Tor client. Any application that supports proxy configuration can therefore also use Tor by setting the proxy manually:<\/p>\n<pre><code>SOCKS v5 proxy    127.0.0.1:9050\n<\/code><\/pre>\n<hr \/>\n<p>Now, let\u2019s try accessing a hidden service. With Torbutton still active, connect to<\/p>\n<pre><code>http:\/\/3g2upl4pq6kufc4m.onion\/\n<\/code><\/pre>\n<p>This is the Tor hidden service address for the <a href=\"http:\/\/duckduckgo.com\/\">DuckDuckGo<\/a> search engine. If you can see that, you should be able to access any hidden service you wish. I had no trouble seeing <a href=\"http:\/\/en.wikipedia.org\/wiki\/Silk_Road_%28marketplace%29\">Silk Road<\/a>; but not being into drugs found it had nothing I want \u2014 YMMV.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I\u2019ve heard lots about Tor, and thought it was about time I learned how to use it. 
I have no actual use for it; but in the same way I have no emails that are really private and yet still use OpenPGP, I like to know how to use the technology that keeps prying eyes\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.fussylogic.co.uk\/blog\/?p=293\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[6,18],"_links":{"self":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/293"}],"collection":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=293"}],"version-history":[{"count":4,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/293\/revisions"}],"predecessor-version":[{"id":636,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/293\/revisions\/636"}],"wp:attachment":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=293"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}