Dave's Free Press: Journal

violence, pornography, and rude words for the web generation


Recent posts


Recently commented posts


Journals what I read

geeky politics rant silly religion meta music perl weird drinking culture london language transport sport olympics hacking media maths web photography etiquette spam amazon film bastards books bryar holidays palm telecoms cars travel yapc bbc clothes rsnapshot phone whisky security home radio lolcats deafness environment curry art work privacy iphone linux bramble unix go business engineering kindle gps economics latin anglo-saxon money cars environment electronics
Thu, 9 Feb 2006

Anonymity using Tor

Warning: cryptoanonyparanoiac-geeking ahead

Being anonymous on the interwebnet is hard. Whenever you do something, the packets you send and receive contain your IP address. From your IP address, it is trivial to determine who your ISP is, and your ISP can, given a date/time and IP, determine who was using that address. If you were to try to get around that by using a subscription-free dial-up connection then your phone line can be identified from the telco's call records - even if you try to with-hold your number. All CLID with-holding does is set a bit telling end-user equipment not to display the number. The number is still embedded in the data, as it is used by all the telcos involved for billing purposes.

You might try using a service like The Anonymizer, but while they might hide your identity from most of the people you connect to, there are still two significant flaws. First, they can store information about you and correlate it with what you do. While they do have an admirable privacy policy, they are subject to things like court orders, and just like all other companies, they may have dishonest employees. Second, if you sign up for an account (and their service is very limited otherwise) you may very well have given them your credit card number, which can be tied back to you.

Even with those flaws, Anonymizer's service is very good. I've been a satisfied customer for a number of years and if you can live with those drawbacks, they're a good solution.

So what's a tin-foil-hat-wearing paranoid to do?

I recently discovered Tor. As far as I can tell, it protects against all the problems enumerated above, by hiding all the information about what you're doing including where the connection is going from and to behind good quality cryptography. Your traffic is tunnelled through numerous proxy hosts, all of which only know the "neighbour" hosts on either side of them in a chain of hosts that your software has determined. Crucially, only the very last tunnelling proxy knows where you were going to, and only the very first knows where you are coming from, as each host successively unwraps a single layer of cryptography* to determine what it should do next**. These two features mean that to identify you, or to identify what you are doing, the whole chain of proxies needs to be compromised for an attacker to be able to identify you and what you are doing from your network traffic. Given that those hosts are likely to be scattered all over the place, that is highly unlikely. Therefore I have switched from using The Anonymizer to using Tor.

If you decide to use Tor, then please remember that there are other ways of identifying you and what you're doing. For example, the DNS lookups your client makes (be careful to read the notes about setting up your web browser to avoid this) or with malicious code sent to you through the onion in response to a request, such as some Javascript. For anonymity, disable Java, Javascript, ActiveX and all plugins in your browser, including toolbar add-ins. Other caveats apply to anonymising things other than web use.

If Tor sounds interesting to you, I'll be happy to help you get started with it if I can, or to explain how it works in more detail over a pint.

* these layers, like the structure of an onion, give Tor its name - the Tor Onion Router.

** it works in reverse for data being sent back to you, re-using the network connections set up the first time round so that again all proxies only know their neighbours.

Posted at 18:59 by David Cantrell