Light Roast 106: Anonymize With Tor
An overview of using Tor for online anonymity.
What is Tor?
Tor (acronym for The Onion Router) is a free software, released under BSD license, which allows for anonymous communication on the Internet based on the second generation of the network protocol onion routing: its use makes it much more difficult to trace the Internet activity of the user. It’s aimed at protecting the privacy of users, their freedom, and the ability to conduct confidential communications without being monitored or intercepted.
The Tor Project is a great organization that has been working to improve online anonymity for years. It allows its users to surf the web anonymously when they’re online, and it protects their identity in case they need to access their email or other accounts.
Tor was invented by the United States Naval Research Laboratory in the early 2000s, and it was first released to the public in 2004. The Tor Project has been working to improve the software and the user experience since then. In 2012, they released a new version of Tor that’s free and open source.
How does it work?
Generally speaking, the working principle behind the Tor network is simple: a user who wants to connect to Google using Tor establishes an encrypted connection with an input node of the network (called Guard). This node transmits the content to a series of internal nodes (called relays) chosen at random, and finally, the last node (called Exit node) establishes the connection with Google. This process is completely transparent to the user who, beyond the potential latency due to using the circuit with multiple relays, will not notice any difference.
In a normal scenario, in fact, the user would connect directly to the server of the requested service: Google, Facebook, etc. who then knows the exact identity (i.e. IP address) of the user browsing. When the connection crosses the TOR network the data is passed through various relay nodes, which we have just seen, with the intent not only to protect the identity of the user, but also to ensure that no other external observer can deduce the ultimate destination of the user.
Installing Tor on your system
In this article, we will install Tor (CLI) on an Ubuntu system. Tor Browser (you can find more information about it on torproject.org) is a modified Firefox installation with an internal implementation of Tor, not covered in this article.
sudo apt install tor
This command will install Tor into your system with a couple of dependencies. Once installed Tor will start as a daemon on port 9050, you can check the status of Tor service with:
sudo systemctl status tor
Now we have Tor installed and ready to work in our system.
Use Tor as a proxy
Now we will set Tor as a proxy, first in our browser and then in our system. These two settings differ a bit: the first one will set Tor only for our browser, which means other connections outside the browser will go directly without Tor, and the second one works at the system level, so programs like our terminal will go through Tor as well.
Configure Tor in Firefox
To configure Tor in Firefox, we need to install Foxyproxy as this will aid in easily modifying the proxy settings. Open Foxyproxy and start adding parameters as the image below:
Once the profile is saved you’ll find it in Foxyproxy’s menu. Just click on it and your browser will work through the Tor network!
Configure Tor as system proxy
Keeping in mind, this is on Ubuntul, go to Settings > Networks and find “Proxy”. Click on the gear and set to “Manual”, then insert your Tor port on “Host SOCKS”.
To test it out, open terminal and try to do some curl or wget commands to get your IP address. You can also try wget to “check.torproject.org” and you’ll see your real IP.
As described above, this will not cover you as well as you may think! Be careful.
You can run Tor at any level of your system, this is only the fastest method (and not the most secure). If you’re looking for a better solution, try editing your connections with the terminal.
Check your Tor connectivity
To make sure you’re working through Tor network check your IP Address using any service, like whatismyipaddress.com. As mentioned, Tor Project offers a service to check Tor connectivity on their website: https://check.torproject.org/
Conclusions
In this article, we covered a bit of Tor’s history and it's usage, how it works with guard, relays, and exit nodes, and how to install and use it on a Linux system, either as a browser or system proxy.
N.B. Your connection is anonymized, not encrypted as end-to-end! Be aware of this. Tor does wrap your traffic in encrypted layers as it transports it through the Tor network. Use a VPN and Tor network to increase your online anonymity.
Stay safe!