Horizon TV, season 53, episode 13 (early September 2014) did a segment on the Internet including government and corporate snooping. A portion was a decent non-techie exploration of Tor.
I was left with the belief more people should use Tor. Some links to that show:
http://www.bbc.co.uk/programmes/b04grp09
https://www.youtube.com/watch?v=fTjNkbLBEqg
What is Tor?
"Tor" stands for "The onion router". Long before the recent revelations of government overreach or even the Web, David Chaum considered ways of keeping anonymity while communicating. Those kinds of ideas are the basis of Tor.
Imagine a line of people passing on packages where each person can only see who is on either side and can't look into the packages. People in the middle of the line don't know where the packages came from or where they are going. Plus, each person handles dozens of identical looking packages, mixing them up to make it hard to track any one package.
Tor's basic purpose is to route your Internet traffic in a way that obscures the user's origin as well as the path the traffic takes to a website.
Individual computers acting as Tor routers only know "who" passed it a cell of data and "who" to pass it to. The cell of data is encrypted in a layered way so that each Tor router along the path can't read the cell's content. The layers of encryption are removed, like the layers of onions, as the cell is passed on.
Greater participation increases anonymity and autonomy for all. Good idea to use while researching medical treatments, job prospects, competitor analysis and many other reasons. Also shows governments we want privacy, an important human right.
Freely available Tor applications: https://www.torproject.org/download/download.html.en
I like the idea of anonymous browsing, but here is the problem I have with TOR, and other similar projects.
Exit nodes.
See at some point the packets have to jump back into the internet un-encrypted, because the destination server is not running any SSL. If it got an encrypted packet, it wouldn't be able to read it. Tor exit nodes are these jumping off points.
And anyone running an exit node can read your packets. Thinks like usernames and passwords for un-encrypted sites, like this one. Sure, they may not know where the packet came from, but if they hi-jack your account to 10mm-firearms.com, they can just login as you and get your email address and more. Kinda de-anonymizes in a hurry.
And if someone wants to hijack the network, they can. Set up a router farm of TOR exit nodes on Azure or Amazon cloud. Then run DOS attacks on the other nodes forcing all the traffic to the nodes they are running. Nodes where they sniff for usernames and passwords.
And since most people recycle passwords, they they will likely be able to use the email and passwords gleaned there other places that are secure, like amazon.com. Or paypal. Places that do store sensitive financial information.
If you really wanna be secure and anonymous, your are gonna have to pay for it. Cause in this one area, I see open source projects as a liability.
Yes, there are things one should not do over Tor. One is logging into accounts of any kind. Especially doing that through Tor, and later, directly. The Tor site has a list of no-nos.
More and more, sites are moving to encrypted connections. If someone hits port 80, the site moves the connection to 443. Government and corporate snooping caused a beneficial backlash. 8)
Another that people may not realize, PDF files can be scripted to access the network directly and in doing so, pass on the IP address of the user directly to where the PDF is hosted.
My laptop disallows browser plugins from doing that (independent of Tor, for any browsing). That's why I noticed one state's CCW application PDF tried to "call home". For anyone's information, the PDF files from www.handgunlaw.us are fine.
Fortunately Tor has defenses for the other attacks mentioned. It's generally agreed Tor itself protects the source.
People are always the weakest link.
Agreed.
People who understand technology and are properly informed about security risks generally take precautions
Those who don't understand technology but are informed often create bigger problems for themselves by the "fixes" they think they are using.
I just work at not doing anything online I wouldn't do in my front yard. :P
Tor and firearms have a lot in common. Governments and media push the idea that they are associated with nefarious action.
In reality, both are about protecting fundamental human rights and keeping oppressive governments in line.
Both have very legitimate uses. Some reasons for using Tor: research medical conditions, job searches, competitive analysis. An employer may dismiss someone who is searching for information on illnesses that increase insurance rates. Marketing departments may want to research opportunities without revealing which companies are interested. Or just like some who buy a gun "because they can", some may want to exercise their right to privacy "because they can".
Just like firearms, the more both are used by larger numbers, the harder it is for governments to thwart.
Freedom organizations can set up .onion sites. If one runs 'host' or 'whois' on those sites, they resolve to '127.192.0.10', a localhost, non-routable IP address. So, Tor helps the oppressed resist tyranny.
Hopefully, the day will never come where firearms websites need to move to .onion domains to avoid government oppression. But Tor will be there if needed, just like firearms.