21 Jul 2019 - tsp
Last update 21 Jul 2019
TOR is an network that provides a service to anonymize connection metadata and provides some additional security features on top of that. It’s called The Onion Router, hence TOR. It can build arbitrary TCP connections and route them encrypted via multiple hops.
TOR has been developed since the early year 2000 and has it’s origins at the university of Cambridge. It has been available since 2002 and has been supported (in it’s early years from 2001 to 2006) by the United States Naval Research Laboratory, the Office of Naval Research as well as the Defense Advanced Research Projects Agency. This heavy support by the US military originates from their need to use covert communication with troops and administration in foreign territory and there are rumors that intelligence agencies are also using the facilities that TOR provides to run their covert operations. Till 2011 about 60 percent of the money the TOR project gathered was founded by the US government.
Since about 2014 also larger services like Facebook have been available via TOR.
TORs ability to built anonymized TCP connections into the clearnet is one of its major features. This works by using the TOR daemon as a socks4a or socks5 proxy server. All network packets are encrypted two times for different relay and exit nodes. One can imagine that as taking the original traffic and encrypting it once so the exit node can decrypt it, use that enveloped data that nobody else than the exit node can decrypt and encrypt it again so that only a relay node can read it. The only information that a relay node will see is from whom the packet originates and to which exit node it should pass the packet. The relay is incapable of reading any clear data. As soon as the packet reaches the exit node the exit node can decrypt data as it will be passed from the clearnet but will only see the relay node as originator and not the original user. The name onion routing originates from this two crypto layers that are applied.
Since the clearnet target only sees the exit node as communication partner, the exit node only sees the relay and the clearnet partner and the relay only sees the user and the exit node nobody has a complete link between the user and the clearnet node - hence metadata anonymization.
Since anyone can run an relay and an exit node one should never trust them. One should never use unencrypted and unauthenticated traffic (like for example HTTP without TLS (i.e. only HTTPS), unauthenticated and unencrypted SMTP, etc.) via TOR into the clearnet except one really has strong reasons to do so (and doesn’t leak any information that way).
Note: You are highly encouraged to run your node as relay - this is also perfectly legal and never does you harm. If you have the ability it’s also encouraged to run an Exit node but be awar that this might be legally challenging. One is of course not liable for the traffic that originates the traffic node but law enforcement might do investigations and even confiscicate IT equipment or perform house searches when some illegal activity is tunneled via an Exit. So you should only really run an exit node if you are legally knowing what you are doing and most certainly don’t want to do that from home but from an rented our housed dedicated server that does nothing else than run an TOR exit node. Running a relay on the other hand is highly encouraged to prevent timing analysis or bandwidth analysis on your traffic - except when you are running hidden services then running a relay is disencouraged because there are situations that might deanonymize you as the operator of the service.
One can use nearly aribtrary services via TOR - only some like raw port 25 (SMTP) are blocked to prevent abuse as spamming anonymization tool.
One should always adhere to some basic rules mentioned later when using TOR!
Hidden services are the second major service TOR provides. Using the clearnet access facilities via Exit Nodes one can hide the consumer of a service but not the provider. Hidden Services add anonymization of the service operator, are only accessible via TOR clients and provide some additional security features.
TOR hidden services come in two flavours:
If you want to run your own hidden service I’ve got another article about that.
When you’re using Microsoft Windows or MacOS and just want to access websites or hidden services via their website you should really use the TOR browser bundle. This is a highly modified and preconfigured variant of the Firefox browser bundeled with the TOR daemon. The browser is configured in a way to facilitate safe browsing (see guidelines below). The only thing you should really care about is:
You can simply run the installer and are good to go to use the browser.
You can also use TOR on Android. There is either the Tor Browser available via Google Play - or better via direct download. When using the version from the Playstore you get automatic updates - but on the other hand you would have to check validity of the APK every single time it changes.
Be aware that you can use other applications via TOR too (that might even help to prevent an evil wireless provider or cell communications provider to evesdrop on your communication) - but anonymity with Android deviecs is really hard to achieve. If you are running TOR in VPN mode some services will leak your personal information when you are for example running with Google’s Location Services, any Play Services, any stuff that is doing automatic synchronization, using assisted GPS, etc. On a mobile if you want to achieve anonymity carefully select the applications that you are using via TOR. If you want to use TOR to protect yourself from your WiFi / GSM provider go ahead and use VPN mode.
There is no preconfigured browser package for this operating system. You can install the TOR
client via the
security/tor package or ports.
pkg install security/tor
make install clean
You can configure TOR via
/usr/local/etc/tor/torrc. Normally you want to to only listen on
a local loopback address (default is
127.0.0.1:9050). Be aware of that if you are using TOR
inside a jail - since loopback is then most of the time a public interface bound to the public
IP of the jail!
Normally the default policy should be acceptable for client only usage and running as a relay.
To start the client add
tor_enable="YES" to your
/etc/rc.conf and then run
/usr/local/etc/rc.d/tor start to startup immediately. If you just want to try TOR
without starting on every boot use
/usr/local/etc/rc.d/tor onestart without modifying
Then you have to configure your browser. Since this is browser specific the steps you should take are:
On Firefox (you can install Firefox via
www/firefox package or port) you do this by
using Tools/Options (or
about:preferences URI), scrolling down to
settings. Then you can select manual proxy configuration and enter the
127.0.0.1 on port
SOCKS5 and make sure that
you are ticking the
Proxy DNS when using SOCKS 5 option. If you don’t do this you will
leak metadata to your ISP and your network via DNS queries.
about:config page. The
option is called
you are clearing the way for way to many browser fingerprinting techniques, sidechannels, etc.
Please run your node as a relay if you are not running hidden services. That helps you to prevent traffic analysis and the more relays are up and running the better the network works.
This article is tagged:
Dipl.-Ing. Thomas Spielauer, Wien (email@example.com)
This webpage is also available via TOR at http://rh6v563nt2dnxd5h2vhhqkudmyvjaevgiv77c62xflas52d5omtkxuid.onion/