Tor Safe To Use

 admin
Category: primers

Here are a few tips that’ll help you get there: Use the safety slider within the browser. Turn this option in your settings all the way up to ‘High’. This ensures you. Install good antivirus software. Even with the safety settings of the Tor browser optimized, weird things can happen. Come Hacker to Hacker perhaps it’ll emerge that the Tor network isn’t safe at all; that it’s just as dangerous as the rest of the internet. Tor is secure and anonymous by itself, but you can increase the security level manually which may result in slightly slower speeds and lower browsing experience but the security won’t be compromised with. To increase the security, click on the small onion icon just left of the URL bar, and click on “Security settings”.


A 5 Minute Read

09 Mar 2017


Safe to use tor on windows 10

One of the most common questions asked about Tor is whether it is safe enough to be relied upon. While this is a perfectly useful question that should be encouraged, unfortunately it often results in battle-flags being raised and the cavalry being called. On the left are the die-hard Tor supporters, who champion the technology as the liberator of humans, far and wide. On the right are the nay-sayers, the ‘Tor is a honeypot funded by the US navy’ crowd, who cite NSA exploits, correlation attacks, and the evil exit nodes sniffing your traffic and hacking your docs. The reality of the matter is somewhere in the middle.

This article will navigate through these attacks and defenses to clearly convey how safe Tor really is. It will do so by taking several claims about Tor and assessing their validity (in clear and simple terms), before summing up whether Tor is safe to use for two different use-cases (spoiler alert: use-case matters).

Claim: Tor is Funded by the US Navy

While this is true, it takes on a rather simplistic view of government, and any reasonable level of thinking shows it is of little significance. Indeed, governments are hardly ever tightly-knit, and it is not uncommon for several agencies to clash. The US Navy funds Tor because Tor is useful to its operations (its operatives overseas need a secure way to communicate that doesn’t stand out, which Tor provides), as it is to many others, such as law enforcement.

Nevertheless, the core concern here is influence: what if the Navy’s funding compelled Tor to insert a backdoor for only the Navy? The problem with this is that Tor is open source, and putting a backdoor into open source code, never mind the code of a project that is intensely scrutinized by skeptics, is a pretty piss poor idea. If the Navy wanted a honey pot to use for surveillance, it would be far better off setting up a VPN company with highly competitive prices. After all, there’s no way to verify that VPNs aren’t surveilled.

Claim: Tor Exit Nodes Are Evil and Watch Your Traffic

This is a bit of a trickier claim because there’s no way to verify it. As well, we must distinguish between privacy and anonymity: evil exit nodes sniffing internet traffic do not necessarily compromise your anonymity unless you’re sending private, identifiable information. In other words, if they just see a Reddit page loading, they have no way to know who is loading it unless it is accompanied by some piece of identifying information.

Nevertheless, some exit nodes have certainly been caught sniffing traffic, but the vast majority have not, many of which are run by privacy-friendly organizations like Mozilla. As well, the use of SSL/TLS makes it significantly harder to sniff people’s traffic, and attempting to break SSL/TLS radically increases the chance that the malicious exit node will be detected. Finally, traffic to and from hidden services never passes through an exit node, and so the argument simply doesn’t apply here.

Long story short, if you use SSL/TLS wherever you can, and don’t send identifying information without it, the chances of an exit node betraying you are very low.

Claim: Tor is Susceptible to Correlation Attacks

Tor Safe To Use

True. Tor is susceptible to correlation attacks. If a single entity controls both the entry (guard) relay, and the exit relay, then they use statistics to potentially identify you. Note that they can’t decrypt the communications; your traffic is still private, but they’ll know your IP address and the IP address of whoever you’re talking to.

This is a very hard problem to solve, but given the number of Tor relays it is unlikely that your traffic would go through both the necessary guard and exit relay. Moreover, these attacks all have false positive rates, meaning that out of one hundred thousand users, they might be able to narrow it down to you and 5,999 others (6%). For all intents and purposes this isn’t very useful, and therefore attacks against Tor typically aim for hacking the Tor Browser itself.

Claim: The Tor Browser Has Been and Can Be Hacked

Yes, it has been, and it can be. Luckily, attacks against the Tor Browser itself can be largely prevented by simply turning the browser’s security slider to high. A major reason for this is that most attacks rely on the use of Javascript to get past the Tor Browser’s defenses, so disabling it outright by turning up the security slider is an easy and effective solution to this problem. Of course, doing this will break a few websites, but that’s a minor cost given the added security.

Claim: You Can Still Be Tracking While Using Tor

Absolutely true, but also incredibly easy to fix. Most tracking mechanisms rely on something called browser fingerprinting. Fortunately, once again you can simply set the Tor Browser’s security slider to high to virtually eliminate this problem (max security will disable Javascript, the necessary building block of browser fingerprinting).

So is Tor Safe Enough?

With these points in mind, assessing whether Tor is safe enough for you to use requires some context. Specifically, the decision must consider what you’re using Tor for, what the risks are, how valuable hacking you is, etc. This is a process known as threat modelling, and while several books could be written on the topic, briefly consider the following simplistic examples to get a sense of what I mean when I say context matters:

Is tor safe to use without a vpn

Lower Risk: Browsing NSFW Websites

For example, someone who is casually browsing some not-safe-for-work websites using Tor is likely not a high value target. The cost of surveilling/deanonymizing them is far too high given the potential reward for doing so. Law enforcement and intelligence agencies prefer to keep their tools as secret as possible; if they have a working attack against the Tor Browser they will only use it if it is warranted, because deploying an attack runs the risk of revealing it to the public. Therefore, if you are using Tor to casually browse online privately and anonymously, there’s little reason for concern. Just turn up your security slider to stop the basic web-trackers and you should be able to sleep easy at night.

Higher Risk: Leaking CIA Tools

On the other hand, if you were leaking the CIA’s hacking tools you would want to take significantly more precautions. Indeed, an act like this would make you a very high value target that a powerful adversary would have an interest in revealing; all of those ‘low probability’ instances I have described might become significantly more probable, never mind the fact that they are offset by significantly higher personal risk.

While I will refrain from giving too much advice on how to do this (please consult people smarter than me), simply turning a security slider to high would be far from enough to ensure your safety. Here you need to begin to consider comprehensive strategies that utilize Tor as a supplementary protection rather than the only protection. In other words, consider Tor a major piece of the anonymity/privacy puzzle, but don’t make it the only thing you’re relying upon. Your strategy should be likely to work with or without Tor.

Safe

Tl;dr: Yes, probably, unless you’re Edward Snowden or a drug kingpin.

Want to upgrade your online privacy? I use NordVPN to encrypt my traffic and route it across the globe, and Spideroak for rock solid encrypted cloud storage!

On October 29-30 in Sao Paulo, Brazil, the Hackers to Hackers Conference will occur, and one of its presentations will be about how the Tor anonymizing network was compromised by French researchers. Tor, in case you don’t keep up with internet security and obscurity, is a network of nodes that randomize your path through the internet, making it harder to track what sites and services you use. Traffic on the internet is a series of hops from router to router and network to network, and in Tor each network node has only the name of the relay it was handed the information from and the relay it handed the information to — so a full path of the traffic destination is never known. That way compromised nodes can’t be used to monitor traffic.

What basically happens is that you connect to the Tor network via an encrypted connection. All requests you make through the network are bounced around inside for a while, and then exit the network at a random point and hit your destination. The return packet hops back into the Tor network and repeats the steps in reverse, bouncing around inside and then returning via your encrypted connection. Anyone watching your connection will see only encrypted traffic, and anyone watching the site you’re going to will see random traffic coming from some random spot on the internet. You can picture the internet as a giant cloud (as everyone likes to do); Tor is an encrypted cloud that resides inside the bigger internet cloud that you can’t see into, or even very far if you happen to be in it.

This doesn’t make you completely safe on the internet, however. If an attacker can see the traffic leaving your computer and also the traffic arriving where you want to go, an end-to-end timing attack can occur with a statistical analysis used to figure out how likely it is for that traffic to be you. It’s also an important point that Tor alone isn’t enough to protect your online browsing habits.

The breach of Tor that will be revealed at Hackers to Hackers wasn’t released with much in the way of real information; The blog at Torproject.org has a written response to the incident and is worth a read to try and separate sensationalism from fact. It seems clear that Tor isn’t positive that a compromise has occurred, and in fact take the stance that this is a fact of life; it’s what makes security better. Innovation is often driven by competition and adversity, after all.

Installing and using Tor

The most common use of Tor is the Tor Browser Bundle for Windows, Mac, and Linux, which is easy to install and use. The Browser Bundle is basically just a portable, standalone version of Firefox — you run it when you want to surf anonymously, and you switch back to your usual browser of choice when you’re finished. There are some caveats to surfing with the Tor Browser, so be sure to read the warnings on the download page before you dive in.

In testing, both Google Chrome and Internet Explorer 8 shows the same IP address, while the Tor browser showed an IP address based in the Netherlands. Warnings of Google captchas and other security warnings occurred regularly, and many sites seemed broken. It forces one to think about how much information is leaked to companies just to assure a standard browsing experience.

If you’d rather something a little more granular than an entire browser, the Tor Download page has a bunch of other options, including packages for your Android or iOS device, or standalone versions of Tor that can be used for more than just browser traffic.

Tor is a bit slower than your normal browsing experience, but that’s the price you pay for relative obscurity. Come Hacker to Hacker perhaps it’ll emerge that the Tor network isn’t safe at all; that it’s just as dangerous as the rest of the internet. That, in turn, will make Tor more safe as those intent upon safety through anonymity innovate to close the doors and windows open to the world. Every system has it’s faults. In a world where you can only be as safe as possible and never completely safe, take safe as possible every time.

Is Tor Safe To Use In China

Read more of ExtremeTech’s security, privacy, and hacking coverage