Surfing the web without protection inevitably leaves behind more traces than you ever bargained for. This information trail includes IP addresses that make you easily trackable. Not only do investigators use them for hunting down criminals and "potential attackers," but various web projects and trackers use them to monitor users' surfing behavior for resale. A whole industry depends on it.

To make things harder for data collectors, you need to conceal your personal data as much as possible. This is where the Tor network [1] comes into play. It consists of a network of worldwide computers linked together by encrypted data traffic.

How Tor Works

Tor stands for "The Onion Router," a project originally initiated by the United States Navy [2] and implemented to protect communication between government agencies.

At its core, Tor works as follows: At the starting point, the client obtains a list of so-called Tor nodes from a directory server and registers with one of them. Once the client opens a web page, it connects via SOCKS to an Entry Guard, which forwards the request to a second node that passes it, in turn, to a third, the Exit Node. For efficiency purposes, Tor developers decided on three connection nodes only (Figure 1).

Figure 1: The Tor network basically works as follows: A client sends a request to an Entry Guard that forwards it encrypted to a Relay Node (without knowing the destination of the request). The Relay Node knows neither the source nor destination of the request and forwards it to an Exit Node only. The Exit Node knows only the destination of the request, but not its owner. Because none of the nodes handle all the data, attackers have a hard time uncovering the complete connection path.

What makes connection with Tor so secure is the fact that each server, by using different levels of encryption, sees only part of the data connection. Thus, the Entry Guard doesn't know which host the client wants to reach. Only the Exit Node knows that, but without knowing the client's identity. To discover the connection, an attacker must crack the whole framework. However, Tor automatically and randomly alters the node routes every ten minutes, so the attacker likely will discover only part of the route. This architecture makes it nearly impossible even for intelligence agencies to monitor the communication data of a certain computers over longer periods.

And, this is where Tor is different from other anonymizing proxies. As a rule, the latter use static server cascades and typically belong to companies that, depending on the server location, are obliged to monitor connections. Thus, it's easier for agencies to trace those connections back to their origins.

The communication between the Tor nodes and the client is totally encrypted. Only the connection from the Exit Node to the destination remains unencrypted, unless the contacted server does not itself deliver encrypted content (e.g., via SSL). Apart from web browsing, Tor supports services such as IRC, Instant Messaging, email, and SSH. To use these services, each client must support SOCKS connections.

Using Tor

Both Ubuntu and openSUSE provide Tor in their repositories for installation over the package manager. If the current version 1.2.3.25 isn't present, the Tor project recommends installing it from its sources. This is important, because some Tor nodes reject connections attempts from older versions.

The service loads automatically after installation. You can start and stop it manually by using the commands sudo torctl [start|stop] and /etc/init.d/tor [start|stop], respectively. Tor gets its directives from the /etc/tor/torrc file. A configuration is usually unnecessary but can provide some extra useful functions.

To use the Tor network, you need to configure your web browser accordingly. In Firefox, for example, enter the 127.0.0.1 address for the SOCKS Host and use port 9050. Then, mark the SOCKS v5 check box. Whereas the Torbutton add-on helped in the past to set up a fast anonymous connection, you can now do without it. According to developer Mike Perry, Torbutton provided only "nightmare situations for anonymity and privacy" [3]. The project no longer provides it as a separate add-on; it is only bundled with the Tor Browser Bundle (see the "Tor Browser Bundle" box).

Advanced Settings

The normal Tor operation doesn't require any configuration changes. This could change, however, if you want to take full advantage of the proxy server functionality.

Tor is a community project that ultimately relies on as many users as possible providing the service to other Tor users. This feature is not too important for an end user, as long as his computer isn't being used as an Exit Node. As mentioned previously, the Exit Node forwards the requests as a last link to the destination server, which stores the IP address of the last node in its log. If the target server is being monitored, suspicion initially falls on the Exit Node operator. Although no cases of legal actions against Exit Nodes have yet been registered, the possibility cannot be excluded.

This potential risk, however, is no reason not to participate in the project. Tor also provides the ability to configure the server so that it doesn't act as the last node – or only partly so. Modifying a few lines in the /etc/tor/torrc file can make the daemon part of the Tor network run without making it an Exit Node.

The settings in Listing 1 make the service listen on port 9001, provide a maximum average bandwidth of 100KB/s, and ensure that all requests not coming from other Tor servers are rejected. If you operate the server behind a router, you must forward the port on which the gateway listens for incoming connections (9001 in the example) to the host.

ORPort 9001
Nickname <MyTorproxy>
RelayBandwidthRate 100 KB
RelayBandwidthBurst 200 KB
ExitPolicy reject *:*

Make sure that the exit policy restriction applies only to access to the public Internet. Normal relay hosts should handle access to the so-called hidden services. The "Hide and Seek" box describes how you can set up such hidden services.

# thttpd -r /<WWW_directory>/ -p <4711> -h 127.0.0.1

HiddenServiceDir <WWW_directory>
HiddenServicePort 80 127.0.0.1:<4711>

The Tor configuration file also provides many other possibilities on how to make the service work. If you want to access it from the local network, for example, you can add the line SocksBindAddress <IP_address>: <port> or SocksBindAddress 192.168.1.125:4712 to the file.

Because Tor randomly modifies the route every 10 minutes, it's not unusual in the cascade to have a slow node put a brake on the transmission speed. You can work around this by specifying your preferred servers with the directives EntryNodes and ExitNodes:

ExitNodes <Server1>,<Server2>,...

If you want to use these servers exclusively, you can use the directives StrictEntryNodes 1 and StrictExitNodes 1. Keep in mind, however, that reducing the nodes has the downside of less anonymity. To exclude untrusted nodes, use the directive ExcludeNodes followed by a comma-separated list of server names. You can get a list of all available directives using the command tor --list-torrc-options to open a manpage with all the details.

Vidalia

Vidalia [4] provides a graphical interface for configuring Tor (Figure 2) that you can install with sudo apt-get install vitalia. During installation, the software asks for a user to temporarily or permanently administer your Tor installation. Note that Vidalia can stop Tor, but it can't restart it because of a bug that affects permissions and missing configuration files.

Figure 2: The Vidalia graphical configuration interface simplifies setting up, starting, and stopping Tor.

If you accidentally stop Tor with Vidalia, just exit the front-end program and restart Tor from the command line with

$ sudo /etc/init.d/tor start

In the interface, the Bandwidth Graph button opens a little window that shows the current data throughput. View the Network provides a dialog that shows the current Tor hops (Figure 3).

Figure 3: With Vidalia's "View the Network" module, you can view which servers are connected to your computer and which path the data connection uses. If you're looking for candidates for your exclusion list, copy their nicknames into the front end.

The left pane lists all the known servers and the Connection pane shows all the ones currently connected to Tor. Clicking an entry shows details about the host. Right-clicking an entry opens the Close Channel option with which you can close the connection to the server.

This view provides an easy way to exclude specific hosts. To choose multiple ones, left-click with Ctrl on the desired entries, then right-click Copy | Nickname. Vidalia copies the names comma-separated into the configuration file as ExcludeNodes.

You can access the Tor configuration through Settings. Help provides comprehensive descriptions for most settings.

Active Content

Tor is merely responsible for transmitting data – not for content security. Thus, even though you use Tor to transmit data, it's quite possible to reveal the client's identity through Flash, cookies, or JavaScript, for example. Here is where precautions beyond Tor are important.

The most trusted method is the Privoxy [5] content filter. It's available for download from the default Ubuntu repositories, which makes it easily installed via the package manager. Start the filter proxy with /etc/init.d/privoxyd start.

To use Privoxy together with Tor, open the /etc/privoxy/config file with root privileges in a text editor. To have Privoxy forward the received data, add the following line at the beginning:

forward-socks4a / localhost:9050 .

A restart using /etc/init.d/privoxyd restart loads in the change. Next, visit the 127.0.0.1:8118 address in the browser and enable the check box Use this proxy server for all protocols. When successful, the http://p.p URL (Figure 4) opens the Privoxy home page. To check whether Tor is running in the cascade, visit https://check.torproject.com.

Figure 4: After a successful setup, the Privoxy home page appears with the URL http://p.p.

Conclusion

Tor isn't a completely failsafe solution for safe surfing, but it does make things very difficult for snoopers and crackers. Because the system is decentralized, it's much more resistant to attacks than other anonymizing services. Furthermore, the onion routing design currently provides the safest way to use the web anonymously in that it requires a considerable effort to circumvent its working model.

Whereas past versions of Tor were largely unusable because of its low transfer rate, things have turned around drastically. In my test, the throughput was consistently above the 100KB/s mark, which is more than enough for surfing, but it may test users' patience during larger downloads. However, the Tor network isn't really meant for such applications anyway. l