Tor (NOTE: Tor offers a very high degree of anonymity online when used correct. It is not a magic shield though. For the majority of people, you are not worth the tens of thousands of dollars, dozens of hours of paper work and attempts at international legal cooperation that would be required to trace you down. Some people it might be worth that to track you down, and it is not impossible to be tracked down over the tor network, it is only very expensive and time consuming. It is next to impossible in some cases, but a lot depends on your node path and it would be naive to think that you can't eventually be tracked down. For people that still don't feel safe knowing it will cost tens of thousands of dollars and take days of paper work and headaches for them to be traced down, I suggest you use Tor in addition to public WiFi. Long range antennas are cheap and you can probably get five or six signals from your house. If not you can go to coffee shops etc and use their wifi, a lot of places have free wifi these days that you don't need accounts for. Spoof your mac address, use public wifi and Tor and you will literally be a shadow on the internet. Even by the time the manage to trace your location back using Tor, you will be long gone if you go to coffee shops to use their Wifi and only a forged Mac address with no connection to you will be left. Even if you use a neighbors Wifi signal, they will first need to track you down over the Tor network and then they will need to bust out directional wifi sniffers and triangulate you back to your position, and chances are you will get suspicious when you see a bunch of people outside walking around with laptops and big ass antennas and can simply disconnect lol.) What it is Tor is an onion router that allows for a high level of anonymity on the internet. It works by creating a three node long chain between your computer and the machines you communicate with. You send information encrypted with layers down the node circuit and the information leaves from an exit node to the final destination. This makes it greatly more difficult for you to be tracked down over the internet. You should keep in mind that using Tor incorrectly can damage your security even though it may help your anonymity. You should only use Tor in combination with SSL or other sorts of encryption, as the last layer of Tor applied encryption is stripped off at the exit node and a malicious exit could eavesdrop on your information unless it is encrypted using other methods (https:// websites, etc) Things to keep in mind 1. When using Tor, you should make heavy use of SSL (https://) because if you are not connected to a service over SSL the exit node in your Tor circuit can sniff your information. 2. You should disable Java, Javascript, Flash and ActiveX in your browser when using Tor, as these services can circumvent Tor to entirely remove all of your anonymity. 3. You should expect Tor to go very slow. You can switch identities and hope for a faster one, but in general they are all slow. I suggest you use one browser with Tor and one with out Tor and use the Tor browser for sketchy things only. What you need to get There are a few different ways that Tor can be set up and for that reason there are several suggested packages you can get. This tutorial will focus on each of the main ways Tor can be set up, and will also talk about how to set up various program to make use of Tor. Depending on the method you use with Tor, you will need one of the following programs All packages can be found at the following location www.torproject.org/download.html.en Stand alone Tor This is for if you want the most control over Tor and plan to run more than your browser and IM client through Tor. It is the hardest to set up but offers by far the most control to the user. This is the first set of links in the above mentioned download page. You can get either the stable version, which is tested and bug free + stable, or you can get the alpha version which may have more features and be more secure but also may be less secure and more buggy. Tor Browser bundle / IM Browser bundle This allows for quick and painless set up of Tor with Firefox and Pidgin, but it does not allow for maximum control. Also it forces you to use the Alpha version of Tor, and it uses Polipo as the default anonymizer and although it is still very good, it allows more information about you to leak out than Privoxy does (although your actual IP address will stay safe). Polipo is faster than privoxy however. This is the suggested set up if you don't have the time to learn how to set up Tor for yourself, or don't have the motivation to do so. It is by far better than using nothing, but it is not quite as good as using stand alone Tor and configuring it yourself to meet your needs. If you choose to go with the Browser Bundle, simply install it to a folder and then when you desire to use Tor and firefox, launch firefox using the Tor button in that folder. A Firefox and Pidgin session will start up and both will be preconfigured to send traffic through the Tor network. If you decide to go with the stand alone version of Tor, select one of the following tutorials to walk you through setting it up. Torrify stand alone programs Browsers Konqueror: Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup Opera: Open Tools -> Preferences -> Advanced -> Network -> Proxy Servers Firefox: Tools -> Options -> General -> Connection Settings -> Manual proxy configuration Set HTTP, SSL (HTTPS://) , FTP, Gopher, WAIS to all be 127.0.0.1 on port 8118 FTP will not work correctly, but unless it is set to go through Tor it will leak information to ftp servers so you should keep this setting. For later versions of firefox you should add the following line to about:config to force remote domain name lookups: network.proxy.socks_remote_dns user set boolean true In firefox you can get foxyproxy to switch Tor on and off at will, or set it to only work with certain websites. This can come in handy, but it can also cause some leaks in your anonymity. I suggest you use two different browsers, one with tor and one with out, instead. In Opera you can use the Proxy button from the button wiki as a foxyproxy replacement (button can be found here: www.operawiki.info/CustomButtons also worth getting some of the other buttons like disable javascript, disable ref log, etc) Other Programs Pidgin: Preferences -> Network -> Proxy server Proxy type: SOCKS 5 Host: 127.0.0.1 Port: 9050 Advanced tip You can set a fourth self selected node in your Tor chain that all traffic from Tor is routed through. This has a few advantages. For one, is allows you to have more knowledge about your exit node and decreases the chances the feds can get a full circuit. For two it increases the length of your circuit by an additional node. For three, it gives you a consistent exit node which can hide the fact that you are using Tor. It will slightly decrease your speed however, and unless you use a free open proxy (which wont be near as helpful) you will need to find some way to ANONYMOUSLY purchase a proxy server. If you have an anonymous proxy server though, you can chain it at the end of your tor circuit using privoxy by adding these two lines to the privoxy config file: forward-socks4a / localhost:9050 . forward-socks4a *.wikipedia.org localhost:9050 0.0.0.0:80 where 0.0.0.0:80 is replaced with the IP and port of the proxy you choose to use, and *.wikipedia.org is replaced with the websites or services you want this additional proxy to be used in the circuit for.
I understand what your intention is here, but I do believe that this post would be better outfitted in another area of the forum.
Where should it go? I see your point how it does not technically fit in here, but at the same time it is extremely important for people interested in internet sourcing to know how to use Tor and other encryption programs. I see a lot of posts on setting up PO boxes, I think this is about as relevant to synthetic drugs (especially research chemicals as they are the main market online) as setting up anonymous PO boxes is.
That is a valid argument. I would see in in the science and technology forum, along with the other post that you placed today. All of which are great information, I just got carried away when I saw the posts.
Hey, Binary, when you said "You should keep in mind that using Tor incorrectly can damage your security even though it may help your anonymity" I am slightly confused. Could you give an specific examples of using Tor incorrectly or is it decently easy to set up? Edit - Ahh, I read a little bit about Tor on the link that you sent me and I am assuming that you were talking about these warnings, correct? 1. Tor only protects Internet applications that are configured to send their traffic through Tor — it doesn't magically anonymize all your traffic just because you install it. We recommend you use Firefox with the Torbutton extension. 2. Browser plugins such as Java, Flash, ActiveX, RealPlayer, Quicktime, Adobe's PDF plugin, and others can be manipulated into revealing your IP address. You should probably uninstall your plugins (go to "aboutlugins" to see what is installed), or investigate QuickJava or FlashBlock if you really need them. Consider removing extensions that look up more information about the websites you type in (like Google toolbar), as they may bypass Tor and/or broadcast sensitive information. Some people prefer using two browsers (one for Tor, one for unsafe browsing). Torbutton provides many features to protect your anonymity. It can be safely used instead of many plugins, such as FoxyProxy or NoScript. 3. Beware of cookies: if you ever browse without Tor and Privoxy and a site gives you a cookie, that cookie could identify you even when you start using Tor again. You should clear your cookies frequently. CookieCuller can help protect any cookies you do not want to lose. 4. Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can't encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet — use HTTPS or other end-to-end encryption and authentication. 5. While Tor blocks attackers on your local network from discovering or influencing your destination, it opens new risks: malicious or misconfigured Tor exit nodes can send you the wrong page, or even send you embedded Java applets disguised as domains you trust.
Number five is the biggest worry. If you use Tor with end to end encryption (SSL, aka https:// for websites) then it will protect you a lot. But for example hipforums doesn't have SSL but I use Tor to go here anyways mostly because I don't type sensitive information. But because I use Tor with out using SSL technically a malicious exit node can read everything I read and see everything send to here. Here that doesn't worry me as this is public information, but if I was on a private forum discussing sources or talking business with people over a messenger program, it would be very important for my security that I use encryption and SSL. You never know who is running your Exit node, and Tor is for anonymity not security. You need to add the security yourself.
