It was not too long ago where anonymity could only be gained with a bit of technical know-how and expert use of third party programs. Now, anyone can visit the Tor website, download the file, unzip it and run the program in any flavor of windows (including MAC OS) with no prior knowledge or technical expertise needed for setup or use.
The new Tor Browser Bundle is a portable program that provides all of the tools needed to browse anonymously through an encrypted connection while never having any personally identifying data stored on your computer. The package is about the size of a regular web browser and can be run from a USB stick or CD/DVD disc on any computer. The Tor network has been in existence since 2002, but has recently gained notoriety as the default browser bundle for the popular anonymous file sharing program “The Onion Router”.
The infrastructure:
The Tor network is built upon thousands of volunteer computers (“routers”) that relay encrypted data between each other to make it difficult to track traffic flowing through the network. While this makes it very difficult for anyone to trace individual traffic, it leaves some holes in the system. Computers connected to the network know where they are in relation to other computers, but users connecting to the network remain ‘completely’ anonymous.
Onion routing:
Computers that use the Tor network are not connected directly to the Internet. Instead, they connect through a number of other anonymous networks called “relays”. The computers at each relay have no knowledge of any traffic flowing between them. Each relay functions as an intermediary between the final destination by request (i.e., you) and the original source (i.e., your computer). All traffic is encrypted by the relay, which then sends it on to the next relay. By the time your data reaches its final destination, the original source is untraceable and indistinguishable from any other source.
Note: The Tor network is not perfect, but it’s a great first step in anonymous communications. This guide will show you how to take your security even further with this handy tool.
How does it work?
The Tor Browser Bundle requires an initial connection through one of several public relays operated by volunteers around the world. These relays are hard-coded into the source code of the program and cannot be changed by users. When you connect to one of these relays, your computer is given an anonymous identity based on information from the relay and a random number. This unique identifier is assigned to you for as long as you remain connected to the relay. When that data reaches its destination, the routers will pass the data back along your path through the network until it reaches an exit node, where it is decrypted and sent out onto the normal web.
After you are connected through an exit node, it functions as a regular web server so that you can surf anonymously among normal websites without alerting anyone to your real location or identity.
Can I really stay completely anonymous?
While it is possible to visit a website without being traced, in practice this is very difficult. Most sites track everything you do online and there are government agencies like the NSA that monitor most communications.
Most people still use their real names, email addresses, passwords (or SSNs) and other identifying information on the Internet. Tor encrypts this data to prevent anyone from seeing what you are saying or doing online. However, not all traffic will be encrypted at the network layer. Firefox and other programs may send identifying information to websites you visit. Tor is built with privacy in mind, but your actions must follow the philosophy as well.
You cannot go into these networks without leaving some data behind for someone to find eventually. Your IP address will be recorded along with active outgoing web traffic confirming that you are using Tor. The router connecting your computer to the Tor network will also be logged in somewhere.
In order to be completely anonymous online you have to never enter personal information about yourself while using the internet. This means no revealing anything about your name, address or other personally identifying information (like credit card numbers) anywhere on the Internet.
How to make browsing more secure:
Anonymity is always an ongoing learning process, and it is very important to be aware of this fact. If you are in the habit of browsing without using any security precautions, it’s probably best to start with a clean slate by clearing your history, cookies and cache after every single session. Clearing these elements can help protect against potential identity theft, as well as protect the anonymity of your activity online.
For maximum security when using Tor, the following tips will help you stay safe:
1) Always use encrypted links like HTTPS or SSL before entering any personal information. These connections will prevent anyone from eavesdropping on your web traffic or viewing sensitive data that is usually sent over the internet.
2) Tor provides a good way to browse anonymously, but it is not perfect. Tor is not the only software that can be used for anonymous communications. Other anonymous browsing networks such as Freenet and I2P can also provide strong protection in extreme situations. Don’t forget about the variety of VPNs and other services that provide anonymous web browsing as well.
3) Be aware of website tracking software that keeps track of everything you do online, often using cookies to identify your browser as you surf the internet. Do not enter personal information into web forms until you are sure that their connection is secure (most browsers have an option in the settings to always use SSL encrypted mode). Consider using an “Incognito” or “Private” browsing mode if available.
4) Public computers and Wi-Fi are not good for anonymous web browsing. If you have any doubts about a public network, connect to Tor through SSH or use Tor Browser Bundle instead of Firefox for your web browsing sessions. Remember that information stored on a computer may be vulnerable to others logging in, including hackers and other malicious users. To be safe, delete all your Internet activity on any PC before you leave it by deleting your cookies and browser history.
5) Be smart when using social networking sites like Facebook. You can create a separate account exclusively for anonymous purposes, and severely limit the information you post.
Remember that while you are connected to the Tor network, it’s possible that people on local networks may be able to log your activity and discover personal information about you based on this activity (such as what websites you visit). If you’re concerned about this type of activity, it’s best to connect to a VPN.
6) Keep Tor Browser Bundle updated. As with any other piece of software, the more people use it, the more likely you are to encounter security issues. As always, people who download and run projects based on the Tor network get full access to all bug fixes and security updates when they are posted.
7) Don’t use Tor if this is illegal in your country. Some countries, such as Iran and China, are known to block access to the Tor network. If you’re a citizen of one of these countries, please consider using other alternatives discussed in this document. If you must use Tor, be smart — use bridges and firewall your computer. Live outside such an oppressive regime? Consider running a Tor relay or exit node anonymously to help the Tor network grow and become more diverse.
8) Be careful when downloading software from the internet (even from sites that provide guarantees for security and privacy). Crafty hackers could put code into software downloads that would allow them to gain access to your computer without you knowing it. (This is a surprisingly easy thing to do, and is referred to as “drive-by download malware” or “drive-by downloads”, because the culprits sits in the passenger seat of your computer, watching you install software and wait until you hit enter before running a malicious program.)
Moreover, most software currently available on the Tor network is compiled for Windows — if you download software from anywhere else (particularly non-Windows platforms), it’s quite possible that the software will have been recompiled by someone who does not have access to Windows. In this case, the person who compiled the piece of software may have made modifications to it without first obtaining consent from its original author.
When downloading binaries (executables) it is recommended to verify their signature before running them. This will prevent a trojan horse from being disguised as a Tor Browser Bundle or other important package.
Nothing is perfect. If you have relatively strong passwords, use up-to-date privacy protections, and make sure your computer is free of malware, you can make yourself much harder to target than the average user.