The TOR browser bundle

12 thoughts on “The TOR browser bundle”

1. Related: Fight censorship, join TOR

2. TOR is good for protecting you from certain risks – like the risk that Twitter or GMail will give your personal information to a hostile government. If you are a pro-democracy activist in China, you should use TOR among other precautions.

   You can’t trust internet companies to keep your data safe from governments.

3. Another useful tool (for penetration testing / intrusion detection):

   Eavesdrop is an application for listening in on TCP conversations on the network your computer is attached to.

4. Using Tor: Assume Exit Nodes are Monitored

   Ars Technica is reporting that a security specialist was able to grab a bunch of login/passwords after running Tor nodes to illustrate proper and improper use of the widely-used anonymity network. In this particular case, Dan Egerstad volunteered to be part of the Tor network by running “exit nodes,” and boy did he grab a bunch of sensitive logins and passwords.

   Particularly embarrassing is the fact the list contained use by embassy staff of Uzbekistan, Kazakhstan, Iran and India among others. There seems to be no other explanation other than the IT departments of these governments actually recommending Tor as standard operating procedure to access their accounts from abroad.

5. Anything you do using TOR might just get EXTRA ATTENTION from the spooks. It could serve indirectly as a means for them to concentrate interesting traffic. People use TOR for more interesting activities than they use their own networks for.

6. Money Quote: “Tor is very good for anonymity, but does nothing for adding any data security. In fact, it’s likely more risky, because you are handing traffic over to a stranger (exit node) in cleartext.“

7. https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable

8. 90 percent of Tor keys can be broken by NSA: what does it mean?

   Tor is still DHE 1024 (NSA crackable)

9. Silk Road used the Tor Network, but nothing about the bust suggests Tor has been broken. Tor protects internet users’ identities by shuffling traffic among many servers in a high-tech shell game. It is used by activists and journalists and drug dealers who want to remain hidden online. Even the NSA can’t break the technology, though they’ve tried, according to new documents revealed by the Guardian.

   Silk Road used Tor’s Hidden Services feature, which lets operators host their sites without revealing their ip addresses. Only other Tor users can visit Tor Hidden Services, which all use the odd .onion domain. The collected .onion sites form the Dark Net. (Or Deep Web, or Deep Net, there are a lot of names.) Anyone can visit the Dark Net by installing the Tor Browser bundle, which takes about five minutes.

   http://gawker.com/silk-roads-downfall-killed-the-dream-of-the-dark-net-1441310875

10. NSA and GCHQ target Tor network that protects anonymity of web users

    http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

11. Apparently, people attack the TOR network by trying to establish large numbers of exit nodes:

    Tor Project statement on today’s attack.

    This looks like a regular attempt at a Sybil attack: the attackers have signed up
    many new relays in hopes of becoming a large fraction of the network.
    But even though they are running thousands of new relays, their relays
    currently make up less than 1% of the Tor network by capacity. We are
    working now to remove these relays from the network before they become
    a threat, and we don’t expect any anonymity or performance effects based
    on what we’ve seen so far.

    http://www.twitlonger.com/show/n_1sjg365

12. https://twitter.com/torproject/status/548623893230268416