Tor: Part 1 - Is it for me?

Discussion in 'Linux Security' started by Eric Hansen, Sep 3, 2013.

  1. Eric Hansen

    Eric Hansen Moderator Staff Writer

    Messages:
    123
    Likes Received:
    83
    Trophy Points:
    28
    Tor is a very popular piece of software used to encrypt communications. While it does have its weak points it also has its strong points as well. I’ll be walking through in a series of guides showing how to set it up, configure it and even make your own exit node (explanation to come soon). Lets get some things out of the way, however.

    Tor Pros
    The biggest way to think of Tor is that its a VPN that you don’t have control over. That, and there are numerous routes you have to pass through to even hit the Internet.

    Tor, in all of its network glory, also has its own internal network and tld (top-level domain) “.onion”. You can’t access them from outside of the Tor network, and its essentially known as the Dark Net. This is also where WikiLeaks could (can?) be found before all of the legal issues. While one of the “rules” of Dark Net is to not talk about it, I’m doing my best to not leave out the pros and cons of the Tor network itself, including this.

    To set up a client is basically as easy as set it and forget it. There’s minimal configuration that needs to be done, and even then a lot of it is optional these days. Back in the old days it took a good 15-30 minutes to be able to access the Tor/Onion network.

    Tor Cons
    I feel if you don’t read anything else out of this post, you should at least read this, especially as it does involve your data and potentially identity.


    One of the biggest complaints in terms of privacy and Tor is that the exit node (the last computer your traffic is encrypted to before hitting the Internet) can monitor your traffic. If you think about this it does make a lot of sense. You’re putting all of your faith into an encrypted stream of networks and nothing else. While Tor does choose a different route for you every 10 minutes, depending on how active you are that could be all that’s needed.

    Lag is another major issue with Tor. If you’re wanting high-speed encrypted browsing or other Internet use, Tor really isn’t your best option. You have to take into account that it will pull in every other computer connected to the Tor network, figure out which is a exit or relay node, and map your traffic accordingly. Last time I really used Tor you couldn’t specify a geographic area you wanted to be (primarily) using, and I’ve ended up with IPs geo-mapped to Russia, Germany, South America, etc…

    Should I Use Tor?
    This isn’t anything anyone can answer. If you’re doing banking stuff and want to use Tor, I’d advise highly against it. The risks outweigh any possible rewards. Trying to hide yourself from people spying on BitTorrent networks? While it’ll destroy your download speeds this is a sound alternative to the IP blacklisting tools out there.

    If you just don’t want big brother to have your IP address Tor is again a good possibility. Which, these days this is the main reason for its use it seems.

    Ultimately it all depends on what you want to use it for, if you accept the consequences and threats, and if you can justify using it. Its a very useful and powerful piece of software but even Rome fell at some point.

    What To Expect In This Series
    There isn’t a lot of content in this post because I wanted to lay everything out without diving into everything. Those who wanted to just know what Tor is and feel its not what they want can carry on without having to read through an arms race of data. Anyone who feels Tor will better their networked life somehow will enjoy the future posts to come.

    Next part will cover installing it on an Ubuntu-based system. I’ll be using elementaryOS personally, but as it is based off of Ubuntu it really doesn’t matter much. There will probably be some configuration discussion as well but not very heavy, that’s something I want to save for another part so it can be dedicated and explored thoroughly.

    Attached Files:

    • slide.jpg
      slide.jpg
      File size:
      135.4 KB
      Views:
      56,078
  2. HNA1945

    HNA1945 New Member

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    thanks, nice article hope for more
  3. Eric Hansen

    Eric Hansen Moderator Staff Writer

    Messages:
    123
    Likes Received:
    83
    Trophy Points:
    28
    Oh there is. I wrote up how to set it up as a client as well as be a relay node. Those should be up sometime this or next week. After that I'll also discuss how to be an exit node and some security settings to make.
  4. buggg

    buggg New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hmmm...... I swear I know you from a chan on Tor........
  5. Eric Hansen

    Eric Hansen Moderator Staff Writer

    Messages:
    123
    Likes Received:
    83
    Trophy Points:
    28
    Highly doubt it its from a chan specific for Tor. Never used IRC back in the day now the only time I really use IRC is to hop onto #linux.org
  6. buggg

    buggg New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Ok. The name just sounds so familiar to me. I've been an admin and a moderator on quite a few non cp chans (or imageboards...I tend to call them chans because of "torchan" "anonchan" "onii-chan" and etc) on Tor and for some reason your name rang a bell.
  7. Eric Hansen

    Eric Hansen Moderator Staff Writer

    Messages:
    123
    Likes Received:
    83
    Trophy Points:
    28
    If you go on Reddit might be where it rings a bell. I'm on there a lot but don't post a lot on /r/linuxadmin or anything, still feasible though. :)
  8. flunwyc

    flunwyc Member

    Messages:
    99
    Likes Received:
    61
    Trophy Points:
    18
    Exit nodes cannot be trusted. You need end to end encryption, it's really that simple. Logging into your personal email or other online accounts used for financial transactions is pure folly.

    Saying, that a lot of the problems with tor have come via improper use/configuration. If your browser is not configured correctly, you might as well not be using tor at all - this is why tor project introduced tor browser and now only support that.
  9. Eric Hansen

    Eric Hansen Moderator Staff Writer

    Messages:
    123
    Likes Received:
    83
    Trophy Points:
    28
    While exit nodes can't be trusted, you're still at the mercy of them since they are the single point of your Internet connection. Even if doing end-to-end encryption, that doesn't make it safer. The exit node can still sniff out the necessary keys and pretend they are you. While recycling the Tor route every 10 minutes helps mitigate this its still a feasible threat.

Share This Page