TOR Browser Guide for Beginners - How to Be Anonymous Online - Vlad Gemstone
description
Transcript of TOR Browser Guide for Beginners - How to Be Anonymous Online - Vlad Gemstone
TABLEOF CONTENTS
1.Description2.Application3.Structureandprinciplesofwork.4.SetupofTorTorforUbuntuTorforMac5.Configuringandrunninginbridgemode6.Tuningintheproxymode7.Relaymode8.AdjustmentandworkwiththeVidaliaPoliposhell9.TheusageonSmartphone10.HowtocheckToroperation?
1.DescriptionSomewordsaboutsituationasanintroduction
LatelytheinteresttotheanonymousnetworkofTorgrowsconstantly.Andtherearequiteenoughreasons.
“Democraticreforms”intheworldgoatfullspeed.Nowthegovernmentspracticallyofallcountriesconsiderthattheyhavearighttodecide,wherethecitizenscanwalkto,whattowatchandwhattoread.Packsoflaws,“withthebestmotives”stampedbythecouncilandparliaments,determinesharperthebordersofreservationswithinthelimitsofwhichtheexistenceofusersinaglobalNetworkispossiblenow.
”Adangerforeseenishalfavoided”
Theauthorities takecareofmoralhealthof thecitizensandabout thecleannessof theirthoughts paternally. That is very touching. But as usual, nobody finds the time to askcitizens’opinion.AndmoreusersintheInternetbegintofeelthatthelimitsimposingbyofficialauthoritybeginto“reapinshoulders”.Andsearchmeanstochangeasituation.
One more tensing moment is Edward Snowden’s exposures from that clear that totalshadowing of the special services after all and everybody has already become a reallyworldscope.Certainly,agreatnumberofpeoplehasnothingtohide,butitisextremelyunpleasanttorealizethatyouareunderthepermanenthubcapof“TheBigBrother”,everyyourstepiswatchedandfixed,andsomeoneregularlytries todelveinyourdirtylinen.Andnobodyabsolutelydoesn’tcareaboutforwhatpurposehedoesit,withgoodorbadintentions.
Torisaweb-browserthatprovidesfreeandopenInternet.Torhasownsystemofproxy-servers, that allows anonymously unite with a few networks simultaneously, providingprotectionfromlistening.Tor isananonymously-virtual tunnelnetwork thatgivesan incipherinformationtransfer.
UsingthebrowserofTor,theclientsoftheInternethavetheopportunityofmaintenanceofanonymityinanetworkduringthevisitofdifferentonlineresources,duringblogging,sendingreports,andalsoduringworkwithotheronlineapplications.
Inautumn2011thedevelopersofweb-browserofTorgotarewardthatcanbecomparedonmeaningfulnesswithOscarintheworldofthecinema,FundoffreePOEgaveoutthisbonusthem,andinspring2012-rewardofEFFPioneerAwards.
2.Application
Moreandmorepeopletrytosaveinviolabilityofprivatelifefromspecialservices,whichpoketheirnoseintootherpeople’saffairs.Morepeopletrytogetridoffromthe“paternalcaring” of officials from the state andwant to realize the constitutional right to decideindependently,wheretowalk,whattochoose,wheretolookandwhattodo.
AndhereanonymousnetworkofTorcomesforhelp.Asitcanprovideseparatelyhumanbeingaconsiderableweakeningofpersuasiveattentionandatthesametimetakingawayalmost all limits on moving on World Wide Web. Tor will hide your personality inNetwork,allthatyouwilldointheInternetandallsitesthatyouwillvisit.Andalsoitwillallow you to go round all blocking your favorite web-sites with lightness, carefullyinflictedtousbyfavoritegovernments,whichconsidersincerely,thatknowusbetter.
In addition, thenetworkofTorhas another smallpracticalbonus. It oftenallowsgoingroundsuchannoyingthing,asbanonIPondifferentwebsites.Thesearetrifles,butverypleasant.
PrivatepersonsusethebrowserofTor;especiallyitispopularamongthose,whoaimtoprotect the confidential personal information, and also to protect access to the blockeddata.DuetothehiddenservicestheusersofTorareabletocreateindependentlyweb-sitesandotherelectronicresources,besidestheplacewhereaserverisreallylocated,ishiddencarefully.
The Web-browser of Tor is very often used by journalists with the purpose ofcommunicating with informants safely. Well-known user of this browser is EdwardSnowden,transmittingwiththehelpofTordifferentinformationtothenewsagenciesandInternetresources.
Theemployeesofnon-governmentalorganizationsusetheweb-browserofTorinordertobe connected to the special web sites in their foreign business trips, not wishing toadvertizetheirworkingactivity.
TorismuchlikedbycivilactivistsfromFundofelectronicborders,seeingthisbrowserthatgivespossibilitytoprotectbasecivillawsandfreedomsinaworldnetwork.DifferentcorporationsuseTorforsafeanalysisofworkoftheircompetitorsatthemarket.Alsotheweb-browserofTorisusedbythedifferentspecialservicesinordertoprovidesecrecyduringexecutionofspecialtasks.
3.Structureandprinciplesofwork.Anonymousoutgoingconnections
So,whatisitanonymousnetworkofTor?Torisanabbreviationof“TheOnionRouter”.IfsomeoneisinterestedinboringtechnicaldetailsthenvisitthepageofTorinWikipediaandexamineit.IfyouwanttomakeiteasierthenvisitjustthesamepageinLurkmore.ButItrytoexplainitmorequickly.
ThoughthisnetworkisfunctionedonthebaseofusualInternet, theinformationdoesn’tmove directly from you to the server and back as in “big” network, and everything isbanishedthroughalongchainofspecialserversandcipheredmanytimesineachstage.Asaresultthefinalrecipient,thatisyou,becomescompletelyanonymousforthesites–instead of your real address there is shown absolutely wrong, not having to you anyrelation.Allyourmovementscan’tbetraced,aswellaswhatyoudid.Andinterceptionofyourtrafficbecomesabsolutelyuselesstoo.
Itisthetheory.Inpracticeeverythingsometimesisnotsooptimistic.Wewilltalkaboutallpossibleproblemslater.Youare tiredfromlongandboring introduction,aren’tyou?Areyoushortoftempertosetupandtrytousethismiracle?So,let’sstart!
ThegeneralsystemofBrowserTorallowsitsuserstostartontheircomputersseparateso-called“Onion”Proxy-serverswhichafterthatconnecttothemainTorservers,organizingTorweb-chains (theyusemultilevel coding).Alldatapacketsgoing through the systempassthrough3split-levelproxy-servers,anditschoicegeneratesaccidently.
Beforesendingapacket, theone isbeingsuccessivelycodedusing threekeys.Thefirstpackofnetworkgets thedatapackage,and then itencodes the“top” layersof thecode(similar to peeling the onion) and gets to know where it should send the data packetfurther.Othertwonetworkpacksdothesamething.
In inner Tor networks traffic is being redirected between routers, and then it finallyreachestheoutputfinalpoint,wherealreadyencodeddatareacheshomeserver.AfterthattrafficfromrecipientgoesbackwardstothefinalTornetworkpoints.
Anonymoushiddenservices
In2004Torstartedtomakeserversanonymous,hidingtheirlocationintheWorldWideWebusing specialoptionsof anonymousnetwork. It ispossible togain access to somehiddenservicesonlyusingTorclient.
Theaccesstohiddenservicescanbegainedwithusingspecialpseudo-domainsofthetoplevel“.onion”.Tornetworksidentifythemanonymouslyandsendthedatatosomespecialhidden services. These hidden services process the data using usual software, which istuned right for listening of closed interfaces. Such domain “.onion addresses” aregeneratedontheopenedserverkeyandcomposedof16numbersandLatinletters.
Restrictions
Torisaimedtohideclient’sconnectiontoserver.Butcompletehidingconceptuallycan’tbeachieved,becausecodinghereisjustawayofachievinganonymityintheInternet.Togainahigherlevelofprivacy,itisnecessarytohaveadditionalcommunicationhardwareprotection.Alsoitispreferabletousestenographymethodswhilecodingdata.
BasicadvantagesofTorBrowser
Torbrowserhasthefollowingadvantages:
AccesstoANYwebsitefromANYpartoftheEarth,nomatterwhatprovideris;
Torbrowserchangesclient’sIP,socompleteanonymityisguaranteed;
Thebrowserisveryeasytoinstallanditsusageisabsolutelyfree;
NetworksofRepeaterscanbeusedaswell;
Protectionfromwebtailingthreatingtodataprivacy;
Securitythreatingfunctionsareautomaticallyblocked;
Protectionpacketcannottobeinstalled.Itisstartedfromallthedevices,evenportable.
BasicdisadvantagesofTor
TorBrowseralsohassomedisadvantages:
Toolowloadingspeed;
Notallthevideoscanbeplayed;
Ratherlowsecurity.
4.SetupofTor
TorforWindows.DownloadingofTorBrowserBundle.
Open anybrowser (MozillaFirefox, InternetExplorer or other) and enter in an addressline: https://www.torproject.org/projects/torbrowser.html.en. If you find Tor BrowserBundlebymeansofthesearchingsystem,makesureintherightnessoftheaddress.
Push the large violet button “DOWNLOAD”, to set up the file of installation of theprogramTorBrowserBundle.
Awebsitewilldefineyouroperatingsystemautomatically;loadingofnecessaryfilewillbegin.Ifforsomereasonsyouwanttoloadthefileofinstallationforotheroperatingsystem,youcanchooseanecessaryversionfromalist.
Manybrowserswillaskconfirmationofyourintentiontogetafile.InternetExplorer11displaysthefieldwiththeorangeframinginthelowerpartofwindowofbrowser.
Atfirstitisrecommendedtosaveafileonadiskindependentlyofyourbrowser.Pushthebutton“Save”.HereisshowntheprogramTorBrowserBundleversion5.0.4,whichwasactualduringwritingthistext.Now,probably,fresherversionoftheprogramisaccessible.
SetupofTorBrowserBundle
Whentheloadingfinishesyou,maybe,willbesuggestedtoopenafolderwherefilewasstoredin.Bydefaultitisafolder“Downloads”.Startthefiletorbrowser-install-3.6.2en-US.exebyadoubleclick.
Afteradoubleclickonthefileofinstallationawindowwillbeopenedwithwarningoforiginoftheprogram.Itisalwaysneededtotakeseriouslysuchwarnings.Itisimportanttomakesure,thatyoucantrustthesetsoftware,thatyougotanauthenticcopyfromanofficialwebsiteonasafecommunicationchannel.Youknowinthiscase,thatyouneedandwheretogettheprogram.DownloadingwastakenfromthesafeHTTPSwebsiteofprojectTor.Press“Run”.
ThewindowofchoiceofthelanguageofTorBrowserBundlewillbeopened.Choosealanguagefromafewvariantsandpress“OK”.
InanextwindowitissuggestedtochooseafolderforsettingofTorBrowserBundle.Bydefaultadesktopis indicated.It ispossible tochangetheplaceofsetting,butwhileweleaveanaddresswithoutchanges.
Youwill seeawindowreportingaboutcompletionof setting.Push thebutton“Finish”.TorBrowserwillbestartedautomatically.Whilecleanamark in thepointof“RunTorBrowserBundle”.WewillgobacktotheuseofTorBrowserBundleafterawhile.IfyouforgottocleanamarkandtheprogramTorBrowserwasstarted,simplycloseawindow.
Tor Browser Bundle will not be set in the system, as other programs, and will not bedisplayedinamenu“Starting”ofyourcomputer.
UseofTorBrowserBundle
FirststartofTorBrowser
UponcompletionofsettingwedecidednottostartTorBrowser, thereforenowyouwillstart the program for the first time. If you followed all instructions in the process ofsetting,thenyouwillseeonyourdesktopafoldernamed“TorBrowser”.
Openthefolder“TorBrowser”anddoubleclickwillstartthefile“StartTorBrowser”.
At the first start of Tor Browser you will see a window that will allow you if it isnecessary to change some tuning.Maybe, youwillwant to go back to them later, andwhiletrytoconnecttothenetworkofTor,pushingthebutton“Connect”.
After that anewwindowwill appearwithgreen field,which at the start ofTorwill beopenedabitlonger.
At the first startofTorBrowser itmayneedvery littlemore time, thatusual,but showpatience.InafewminutesTorBrowserwilltuneconnection.Aweb-browserwillappearthatwillcongratulateyouwithsuccessfulstart.
TorforUbuntuTosetupTorBrowserinUbuntuistodownloaditfromofficialsite.Itisthemostcorrectandrightway.
ThemostcorrectandrightwaytosetupTorBrowseristodownloaditfromofficialsite
https://www.torproject.org/download/download-easy.html.en
Choose the version the version according to architectural system, choose Eng anddownload:
Unpackdownloadedachievesinhomecatalogue,moveintoit:therewillbethefollowingexecutingfile
Weexposethepermissiontoexecutionintheproperties
That’sall;now,doubleclickonthisfilewillopenTorBrowser
IfafterdoubleclickTorBrowserdoesn’topen,andinsteadofthattexteditoropens,youshouldallowexecutionofscriptsinsettingsofthefilemanagerNautilus:
IfyouwanttocreatealabelontheappendixinthemainDashmenu,
youcanread on theInternetit.
StartTorBrowserwemovetothesiteforcheckingIP.
Andifeverythingisallright,wewillseesomethinglikethis
WhereamI from?Ofcourse, from theGermany,andmoreover, theoperationsystem is“Windows”
InstallationofTorBrowserinUbuntu14.04-12.04intherepository
Installation option from a repository not of the latest version: in order to install TorBrowser Bundle inUbuntu, open the terminal and do the following steps according toyoursystem
ForUbuntu32-bit:sudoadd-apt-repositoryppa:upubuntu-com/tor
sudoapt-getupdate
sudoapt-getinstalltor-browser
sudochown$USER-Rv/usr/bin/tor-browser/
ForUbuntu64-bit:sudoadd-apt-repositoryppa:upubuntu-com/tor64
sudoapt-getupdate
sudoapt-getinstalltor-browser
sudochown$USER-Rv/usr/bin/tor-browser/
That’sall,theprogramisinstalledandyoucanfinditwiththehelpofmenuDash
OtherlanguagesofTorBrowserBundlewheninstallationisfromrepository
TorBrowserisFirefoxofstableversion,wewillchangeotherlanguages
RemoveintheinsertHelp-AboutTorBrowser
Lookattheversionofbrowserandmoveonthepagewithotherlanguages
Mozilla-Firefox
Oppositeyourversionofbrowserdownloadthepackagewithotherlanguagesandinstallit
Thenenterinthelineofaddress
about:config
Agreethatwewillbecareful“I’llbecareful,Ipromise!”
Thenenterinthelineofsearch
general.useragent.locale
Andchangethemeaningofthisparameterfromen-Usonde(fr)
That’sall,andnowyoujustrestartTorBrowser.
Nowitispossibleanonymously“towanderaboutthenetworks”
TurnonFlashPluginandJavaScriptinTorBrowser
Ifyouwanttowatchflashmoviesinthisbrowser,itiseasytoturnonit.Alsoitispossibletoallowexecutionofscripts.Butinthiscasethesafetyisminimized!
Idon’tadvisetodoitconfirmedparanoiacs.
So,ifyouwantflashbeginstowork
Movein“Tools”–“Additions”
Ontheinsert“Plug-ins”switchonShockwaveflash.
That’sall,nowmoveonyourfavouritesiteandwatchvideosonline,fortheexampleonYouTube.
Also,hereinthepoint“Expansions”itispossibletoturnofftheexpansion,whichblocksscriptsonthesites:
That’sall,nowitispossibletowatchalsoflashvideosandscriptswillbeexecuted.
But I repeat, this everything breaks safety, for the sake of what we also install thisprogram.
TorforMac
ReceiptofTorBrowserBundle
Open any browser (Mozilla Firefox, Safari or other) and enter in an address line:https://www.torproject.org/projects/torbrowser.html.en.IfyoufindTorBrowserBundlebymeansofthesearchingsystem,youwillmakesureintherightnessofthegotaddress.
Pushthelargevioletbutton“DOWNLOAD”,togettheinstallationofthefileofprogramTorBrowserBundle.
Thewebsitewilldefineautomaticallyyouroperatingsystem;loadingofthenecessaryfilewill begin. If for any reason you want to load the installation file for other operatingsystem,youcanchoosethenecessaryversionfromthelist.
IfyouuseSafari,downloadingofTorBrowserBundlewillbegin.IfyouuseFirefoxyouwillbeofferedtoopenorsaveafile.Itisalwaysbettertosaveafile,that’swhypushingthebutton“Save”.InthisinstanceTorBrowserBundleversion4.0.8ispresented,beingactualinthemomentofpublicationofthisguidance.Tothemomentofreading,maybe,fresherversionoftheprogramwillappear.
SetupofTorBrowserBundle
Aftercompletionofdownloading,maybe,youwillbesuggested toopena folderwherefilewasstoredin.Bydefault it isafolderof“Downloads”.Start thefileTor browser -4.0.8-osx32_en-US.dmgbyadoubleclick.
AwindowwillappearsuggestingtosetTorBrowserBundlebydraggingtheprograminthefolderofapplications.Doit.
NowtheprogramTorBrowserissetinthefolderofapplications.
UseofTorBrowserBundle
To start Tor Browser in the first time, find the program in Finder or (in more updateversionsofOSX)inLaunchpad.
AfterclickontheiconofTorBrowserawindowwillappearwithwarningoforiginoftheprogram.It isneeded to takeseriouslysuchwarnings. It is important tomakesure, thatyou can trust the set software, got a true copy from an official web-site on a safecommunication channel. You know in this case, what you need and where to get theprogram. Downloading was made from the protected HTTPS web-site of project Tor.Press“Open”.
At the first start of Tor Browser you will see a window that will allow you if it isnecessarytochangesometuning.Maybe,youwillwanttogobacktoitlater,butwhiletrytobeconnectedtothenetworkofTor,pushingthebutton“Connect”.
AfteritanewwindowwillappearwithagreenfieldthatatthestartofTorwillbeopenedabitlonger.
AtthefirststartofTorBrowseritmayneedmoretime,thanusually,butbepatient.InafewminutesTorBrowserwillconnect.Aweb-browserwillappearthatwillcongratulateyouwithsuccessfulstart.
You can check, whether you are connected to the network of Tor, visitingcheck.torproject.org. Ifyouareconnected,awebsitewill report:“Congratulations.ThisbrowserisconfiguredtouseTor”.
WebsurfingthroughthenetworkofTorhassomedifferencesfromordinaryworkintheInternet.WerecommendyoutofollowtheseadvicesforcorrectworkinthewebviaTorandformaintenanceofyouranonymity.
NowyouarereadytotheanonymoussurfingthroughthenetworkofTor.
5.Configuringandrunninginbridgemode
InstallingTorinbridge/relaymode
Theinstallingitselfisextremelysimple–itisenoughtodownloadthedistributionandrunthesetup.
Therearetwotypesofdistribution:TorBrowserBundleandVidaliaBridgeBundle.TorBrowserBundle isaimed just for safebrowsing theWeb.VidaliaBridgeBundleallowsnotonlysafelyaccesstheWebbutalsowidensTornetworkusingyourPC.
1. WarningoffailingtorunTorbridgeservice:
[Warning] Could not bind to 0.0.0.0:443: Address already in use[WSAEADDRINUSE].
IsToralreadyrunning?
The reason is that the sameport on the samecomputerwasusedbySkype.Theproblemcanbesolvedinthefollowingway:VidaliaControlPanel->Settings->Sharing->BasicSettings->RelayPort:hereyoushouldchange443foranothervalue,forexample4444(Thisonewasn’tusedbyanysoftware)
2. WarningofGEOIPfilesabsence:
[Warning]FailedtoopenGEOIPfileC:\DocumentsandSettings\User\Application
Data\tor\geoip.…
[Warning]FailedtoopenGEOIPfileC:\DocumentsandSettings\User\Application
Data\tor\geoip6.…
The matter is that geoip and geoip6 files suddenly appeared in other directory,C:\Documents and Settings\User\Local Settings\Application Data\Tor. Thisproblemcanbesolvedbysimplecopyingfilestotheproperdirectory.
3. Warningofimpossibilitytoconnecttobridgeserverfromoutside:
[Warning] Your server (aa.bb.cc.dd:4444) has not managed to confirm that itsORPortisreachable.Pleasecheckyourfirewalls,ports,address,/etc/hostsfile,etc.
The reason is that D-Link router provides the Internet connection via NAT. Tomake port 4444 visible outside via global IP aa.bb.cc.dd, it is necessary toconfigureportforwardingfromLANout.
Tor-D-Link-port-forwarding.
4. Noticethatyourcontactinfoisnotset.
[Notice]YourContactInfoconfigoptionisnotset.Pleaseconsidersettingit,sowecancontactyouifyourserverismisconfiguredorsomethingelsegoeswrong.
You do not have to set your contact info but you can do that. It can be done inVidaliaControlPanel->Settings->Sharing->BasicSettings->hereyoushouldfilltheNicknameandContactInfo(youre-mail).
5. Warningofsettingthe“wrong”time:
[Warning]Receiveddirectorywithskewedtime(server‘82.94.251.203:443’):
Itseemsthatourclockisaheadby56minutes,7seconds,orthattheirsis
behind.Torrequiresanaccurateclocktowork:pleasecheckyourtime,timezone,
anddatesettings.
Thetimestrangelydiffersalmostforanhour(myclockisputforwardfor56minutes),asthoughaproblemisinsummer/wintertime.ThereasonissomebuginTorserver.Howtofixit:
1. RunTorsystemandwait for itscomplete loading(themomentwhenTorsetstheconnectionanditsonioniconinthetraybecomesgreen)
2. Opentimeanddatesettingsandsetthetimeanhourearlierorlater.Theactualconnectionwillbelostbutitwillresetinsometime.
3. Waitforabout15minutesandthenreturnthetimeback.TheconnectionwillbelostagainbutthenTorwillbebackinthenormalmode.
6.TuningintheproxymodeHowtoconfigureproxiesinInternetExplorer.
InOSofWindows7 it is necessary tovisit controlPanel, then topass toPropertiesofbrowser, further the Connecting inset, in a right lower corner to press on Tuning ofnetwork.Youneedtomarkthefield“Proxy-server”,thenopen“Inaddition”,andintoaninsetexposedigitalvaluesshownonapicture.
ExplorerworksviaTor.
HowtoconfigureproxiesinGoogleChrome.
Firstlyitneedsthatitwillbethe“defaultbrowser”onYourPC.Further:
Wepressonto“Changeconfigurationofproxy-server”.InsertfortuningInternet-explorermustgoout(seethescreenshot).
HowtoconfigureproxiesinOpera
It is necessary to enter “settings” and propose them in accordance with the operatingversion of browser. We mark the part of Socks, further it is necessary to enter nextnumericaldata:127.0.0.1:9050
HowtoconfigureproxiesinMozillaFirefox.
Theuserneedsthisplugin(https://addons.mozilla.org/en/firefox/addon/foxyproxy-basic/?src=search).Itshouldbesetupin“Expansions”.
Aftersettingofpluginyoushouldchoosechooses:“Torproxiesforalladdresses”.
Furtheryoushouldproposethesettings.
Theremustbenot“forbiddenweb-sites”now.
IfyouwanttoknowIP-address,appealtohttp://www.checkip.com(ip-check.info)
WhenauserworksbymeansofTor,anaddressisdifferentfromthatgotforaprovider.
Howto“TORify”ICQSkype,µTorrent.
TheschemeissimilarforICQandSkype:“Tools—Settings—Inaddition—Connections”,findtheinsertSOCKs5,andthenwritethefollowingnumerals127.0.0.1:9050
For µTorrent you should move into “Settings-Settings of the program-Connections”.Furtheryoushouldchoosethesettingsasinthepicturebelow.
7.Relaymode
SafetyandefficiencyofTornetworkdependonthenumberofnodes,reliablefortrafficsending. They are called relay nodes. The EFF even held Tor Challenge in order tostimulateasmuchusersaspossibleforcreatingandconfiguringthesenodes.Asamatterof fact, article is devoted to this simple action. For work in relay mode you’ll need aserver,whereTorRelaywillwork.YoucanuseyourhomePCoryoucanreconfigureasmart router. I offer anotherway– touseVPS (VirtualPrivateServer).Tor software isprettymodestandcaneasilyworkonVPSwithminimalconfiguration.Memoryof256MBoreven128MBisenough.Diskrequirementsarelowtoo:itislessthan1GB.Priceofsuchserverpermonthisequaltoacupofcoffee.
So,weregisterVPS.ItshouldhaveaverifiedouterIP.Asforme,Ilikeyourserver,buttherearealotofVPS’switLinuxor*BSDonboard.Asarule,afterpurchasingyougetaserverwithalreadyinstalledLinuxdistribution.Chooseanyoneyoulike.IwillshowyouusingDebianasanexample.
Tostartwith,youshouldinstallToronyourVPS:
#aptitudeinstalltor
On default Torwillwork inweb clientmode: you can use it to operate online but foranyoneelseitisuseless.Someoneelse’strafficwon’tgothroughit.YoumustturnonTorRelaymode.
Also you must turn on Directory Service &mdsah; catalogue service, reliable forspreadinginformationaboutotherTorservers.Youcanuseundefinedportforsendingandforcatalogue.Defaultconfigurationfileofferstouseport9001forpacketsretransmittingandbroadcastandport9030forcatalogueservice.Butwewillmakeourserveravailableforports443and80.Theseportsareusuallyusedforwwwtraffic.
Open/etc/tor/torrcandwriteinthefollowing:
NicknameMyCoolNick
ContactInfoPerson<somebodyATexampledotcom>
ORPort443NoListen
ORPort9001NoAdvertise
DirPort80NoListen
DirPort9030NoAdvertise
ExitPolicyreject*:*#noexitsallowed
ExitPolicyreject6*:*#noexitsallowed
Underthe‘Nickname’writeinthenameoftheserver.Lateryou’lluseitforcontrollingserverworkviaspecialservicesonTorProject.
InContact Info lineyoucanwrite inyourcontact info(incase ifsomeonewillwant tocontactwith you).You also can leave it, then our serverwon’t be able to let someoneknow,whomitsowneris.
ThelasttwolinesforbidtouseourserverasExitNodoftraffic.Otherwise,Torwilltrytouse our server for the transmission of outgoing traffic of network on external servers.Unfortunately, not everyone uses Tor with good intentions, and if traffic abandons Torthroughyourserver,itcanaffectyou.
Inaddition, theprescribedconfigurationcompelsaserver to tell tootherparticipantsofnetwork,thataserverisaccessibleonports443forsendingpackagesand80forthereportofinformationaboutotherserversofnetwork.Thusactuallyaserverwillwaitreportsonports9001and9030.InDebian
Tor by default works not from under route and such configuration allows avoidingproblemswithconnectingtoports.
Bymeansofiptableswewillinfluencenecessaryconnectionbetweenportsnow.
If there are the special tools of tuning of network screen of iptables in the chosendistributive, it is possible to use it. It is simpler and more evident to do everythingyourself.
Wecreatethefileof/etc/iptables.save.rulesofsuchcontent:
#Generatedbyiptables-savev1.4.14onSatJul514:15:042014
*filter
:INPUTACCEPT[0:0]
:FORWARDACCEPT[0:0]
:OUTPUTACCEPT[22:1968]
-AINPUT-mstate—stateRELATED,ESTABLISHED-jACCEPT
-AINPUT-ilo-jACCEPT
-AINPUT-d127.0.0.0/8!-ilo-jREJECT—reject-withicmp-port-unreachable
-AINPUT-ptcp-mtcp—dport22-jACCEPT
-AINPUT-ptcp-mtcp—dport80-jACCEPT
-AINPUT-ptcp-mtcp—dport443-jACCEPT
-AINPUT-ptcp-mtcp—dport9001-jACCEPT
-AINPUT-ptcp-mtcp—dport9030-jACCEPT
-AINPUT-jREJECT—reject-withicmp-port-unreachable
COMMIT
#CompletedonSatJul514:15:042014
#Generatedbyiptables-savev1.4.14onSatJul514:15:042014
*nat
:PREROUTINGACCEPT[0:0]
:INPUTACCEPT[0:0]
:OUTPUTACCEPT[1:104]
:POSTROUTINGACCEPT[1:104]
-APREROUTING-ptcp-mtcp—dport443-jREDIRECT—to-ports9001
-APREROUTING-ptcp-mtcp—dport80-jREDIRECT—to-ports9030
COMMIT
#CompletedonSatJul514:15:042014
Bythisweoptimizeourtorserver’sworkandaccesstosshforremoteadministration.
It is left to prescribe loading of these rules. Usually I prescribe the start of iptables -restorein/etc/network/interfaces:
autolo
ifaceloinetloopback
pre-up/sbin/iptables-restore/etc/iptables.save.rules
OnYourserverthefileof/etc/network/interfacesisbeingrewritteneachtimeatre-starts,itisthereforepossibletodohardlydifferently.
For example, to put loading rules of iptables in /etc/rc.local. For this purpose in EOFbeforeexit0weputaline.
/sbin/iptables-restore/etc/iptables.save.rules
Inconclusionwerestarttorserver:
#servicetorrestart
Wecheckthatwedideverythingallright.Afterawhileafterrestartoffile/var/log/tor/loglinesmustappear:
Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishingserverdescriptor.
Torhassuccessfullyopenedacircuit.Lookslikeclientfunctionalityisworking.
Self-testingindicatesyourDirPortisreachablefromtheoutside.Excellent.
Performingbandwidthself-test…done.
In hour or two, when information will revive in a database, it is possible to call onglobe.torproject.org/ and,writing nickname of the server in the line of search, tomakesurethatthenetworkofTorwasfilledupbyanotherpointofredistributionofdata.
Firstlythroughanewservertrafficwillnotgo.AcourseoflifeofTorRelayisathemeoftheseparatearticle.
UPD:AsindistributivesthelastversionofTordoesn’talwayslie,makessensetoconnectspecialrepositories.
So for Debian and Ubuntu it can be connected official repository oftorproject.org. For this purpose in /etc/apt/sources.list.d/we create the file oftorproject.listofnextcontain:
debhttp://deb.torproject.org/torproject.orgDISTRIBUTIONmain
Where instead of DISTRIBUTIONwewrite the version of your distribution(forexamplejessieorsaucy)Doit
#gpg—keyserverkeys.gnupg.net—recv886DDD89
#gpg—exportA3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89|apt-keyadd-
#apt-getupdate
#apt-getinstalltor
tor,vps,torrelay
8.AdjustmentandworkwiththeVidaliaPoliposhell
There are Internet providers who forbid the use of Tor. Repeaters are required to helplocked users with Tor to get an access. Since bridges are not registered in the publicdirectoriesascommonrepeatersthenprovidercannotcloseanaccesstoallbridges.Openaddressesofbridgescanbe foundherehttps://bridges.torproject.org.Oronecanwritealetter to [email protected]. Indicate subject “get bridges”. Inquiry should bemadeonlyoutofanaccountGmail.
YoushouldunderstandthattheveryfactofTorinstallationdoesnotanonymizecomputernetwork connections. Additional software components and adjustments are necessary.SoftwareprogramToronly controls cyphering anddetermines thepathof software suitpassthroughtherepeaternetwork.
1.Firstofallweneedvirtualproxyserverinstalledonauser’scomputer.Sometimesitiscalled“filteringproxy”.SuchproxyisanintermediatebetweenuserapplicationsforworkintheInternetandTornetwork.
Therearetwobasicversionsoffilteringproxyserver-PrivoxyandPolipo.
Several years ago development engineers of Tor system recommended using Privoxy.NowtheyincludeinallassembliesonlyPolipoputonlineattorproject.org.(?)
Itisquitedifficulttocomparethemaccordingtotheircharacteristics.Polipoisconsideredtiny–sizelessthan200K.Allitsadjustmentsarecontainedinthefilepolipo.conf.Icouldnotfinddetailedliteratureregardingitssettings.Perhapsitisnotnecessary.
Forworkwith theTor systemone should use polipo proxyversion not less than 1.0.4,becauseearlierversionsdonotsupporttheworkwithprotocolSOCKS,andasaresultarenotsuitablefortheTorsystem.
Privoxy—isafreeweb-proxywithenhancedcapabilitiesoffilteringInternetcontentforthe purposes of Internet users’ privacy protection. The last version is 3.0.17. (2011).HoweverPrivoxyisusedfrequentlyasanintermediatebetweenapplicationsandsoftwareprogram Tor. It should be remembered that Privoxy could be a totally independentsoftwareprogramprotectinginterestsofitsusersonthelevelofprotocolHTTP.
Whichproxyoutoftwoonewilluseonhis/hercomputerisamatterofaself-dependentdecision.Itisflatlynotrecommendedtousethemsimultaneouslysincebothproxyserversusetheport8118,andduringcombinedoperationproblemscanoccur.
Thesimplestadvice:forthosewhodonotwanttogothroughthehassle,itisbettertousePolipowhichisapartofallthelastassembliesonthewebsitetorproject.org.Thosewhowish to have more additional features for adjustments should download and set upPrivoxy,andthenduringinstallationofassemblyexcludePolipofrominstallation.
2.ForTorsystemloadingandworkmanagementthesoftwareprogramVidaliaisused.ItisfrequentlycalledgraphicalshellforTor.
InthesettingsofVidaliatherearemeanstolaunchTorandfilteringproxyduringlaunchof Vidalia, launch and stop Tor during operation, look through Tor network map andothers.Workwith theVidaliawill bediscussed furthermore elaborately.TorparametersettingswiththehelpoftheVidaliashell.
WhenlaunchingthesoftwareprogramVidaliaasignVidaliashouldappearintheformofonion.IntheoperatingsystemWindowsitappearsinthesystemtray(nearthewatch,seethepicture).IntheoperatingsystemUbuntuitappearsonthetaskbar.YoucanlaunchthewindowVidaliabyclickingaleftmousebuttononitssign.
1 2
OnthefirstpictureTorisswitchedoff,onthesecond–switchedon.
NowwhenyouhaveTorfilteringproxyserverandVidaliayoucanadjustapplicationsforworkwithTororastheysay“totariffapplications”.
InstallationofToronWindowsoperatingsystem–VidaliaBundlepack
UnlikeTorBrowseralltheotherassemblies(packs)carryouttheinstallationofTorandofadditionalcomponents.
Componentsworkquite the samewayas in theTorBrowser,but thereare someof thefiner points. For instance if the browserMozilla Firefox has not been set up then theTorButtonwillnotbesetupalso.ThatiswhyitisrecommendedtosetupFirefoxbeforetheinstallationoftheVidaliaBundle.
ThefollowingpicturesillustratetheVidaliaBundleinstallationprocessonWindows7>:
Choosetheloadfileandsafeit
Launchthesetupfile
Necessaryoptionsarealreadymarkedwithticks“bydefault”
If a user wishes to use other configuration, for example to use filtering proxy serverPrivoxy or other browser for anonymous operation, ticks have to be removed fromunnecessary components. At the same time the Privoxy and browser should be set upbeforehand.
Intheearlierversionstherecanbeanotheralternative:
AssemblingoftheVidaliaBundleforWindowscontainsTor,Vidalia,Polipo,andintheearlierversions–theTorbutton(thenumberofversionscanbeseenonthepictures).
If theFirefox is not set upon a computer then the software installationprogramwarnsaboutthat,advicestosetupitandrepeatinstallation.
All the standard configuration components are set up by default adjusted for jointoperation.
Further,choosetheloaddirectoryorleavethesuggested:
Viewofsetupwindows
ThesoftwareprogramTorissetupasaclient-sideprogrambydefault.Itusesabuilt-inconfigurationfile,andthemajorityofusersdonotneedtochangeanysettings.
TorparametersettingswiththehelpoftheVidaliashell
The software programVidalia works as a graphical shell for the Tor system. It workspracticallyonallplatformsincludingWindows,MacOS,LinuxandothersUnixsystems.
If the Tor Browser assembly is used, than the Vidalia is launched with file Start TorBrowser.exefromthecatalogue<TorBrowser>
If thepackVidaliaBundle isused–you launch the filevidalia.exe from thecatalogue:<installationcatalogueVidalia-bundle\Vidalia>
When launching a sign Vidalia should appear in the form of an onion. In the Ubuntuoperatingsystemitappearsonthetaskbar.IntheWindowsoperatingsystemitappearsinthesystemtray(nearthewatch).
Inordertolaunch“VidaliaControlPanel”youcanclickaleftmousebuttononitssign.
Vidaliasettingsareclearandcomprehensible.Thoughwebrieflyenumeratethem:
-TorLaunch/Stop(Start/StopTor)
-Serversettings(Sharing)establishanoperatingmode(client,serverorbridge)
-Networkoverview(NetworkMap)
ShowingTornetworkmap:
DuringTornormaloperation,circuitsinuseshouldbelistedinthelowercentralwindow.Atthesametimeintheneighboringwindowtotherighttheserversofachosencircuitandtheircharacteristics shouldbe listed. In theupperwindow theirgeographical location ispresented.
Withthehelpofthenetworkmapyoucanchooseserversaccordingtotheirbelongingor
speed.
-Changetheidentity(NewIdentity).ItchangesTorcircuitandasaresult–outputIP-address.
Afterthesuccessfulchangeintrayamessagewillappear
-Trafficschedule
ShowsinputandoutputtrafficandTordatarate:
-MessageLog.ItallowsviewingToroperationlogs:
-Settings.Itopensthewindow“Settings”:
-Flap“General”allowssettingupTorcomponentslaunchprocedures
- Flap “Network” allows writing out-proxy server (“I use proxy for an access to theInternet”)or/andbridge(“MyproviderblocksupanaccesstotheTornetwork”)(readintheInternet–Torblockingandhowtocopewithit.
-Flap“Advanced”allowssettingup(checking)parametersofTCPconnection(127.0.0.1port 9051) aswell as determining (controlling) locationof a torrc settings file anddatacatalog.Moreover,fromhereyoucanedittorrcconfigurationfile.
-Flap“Appearance”allowschangingviewsettingsaccordingtoYoursystem
-Flap“Services”allowsaddingaddressesandportsofcomputersintheVidalianetwork.
-Flap“Help”callstheVidaliaHelpDesk.
Asyoucanseefromtheaforesaidwith thehelpof theVidaliashellyoucansetupandcontrolquitealotofTorsystemparameters.
TordelicateadjustmentAsa rulestandardsettings,whichare fulfilled in theVidaliashell,arequiteenoughforfullvalueanonymousoperationintheInternet.HoweverinsomecasesyoumayrequireadditionalchangesofTorparameters.
Such changes are carried out by editing Tor configuration file and are called delicateadjustment.
FilteringproxyPolipoconfigurationfile
Herethesimplestvariantofpolipo.confconfigurationfileislisted(onlynotcommented-outinstructions).
###Basicconfiguration
proxyaddress=“127.0.0.1”
proxyport=8118
allowedclients=127.0.0.1
allowedports=1-65535
proxyName=“localhost”
cacheIsShared=false
socksParentProxy=“localhost:9050”
socksProxyType=socks5
chunkHighMark=33554432
diskCacheRoot=””
disableLocalInterface=true
disableConfiguration=true
dnsUseGethostbyname=yes
disableVia=true
censoredHeaders=from,accept-language,x-pad,link
censorReferer=maybe
maxConnectionAge=5m
maxConnectionRequests=120
serverMaxSlots=8
serverSlots=2
tunnelAllowedPorts=1-65535
Configurationfile–isacommontextfile.Itbearsthenameoftorrc(withnoextension)andislocatedin:
-whenusingTorBrowserassembly–incatalog..\<CatalogTorBrowser>\Data\Tor
-ininstallationpacks-<DocumentsandSettings\<user>\ApplicationData\Vidalia
-inUbuntuLinuxoperatingsystem–incatalog/etc/tor
SoftwareprogramTorduring loading(reloading) firstofall readsconfigurationfileandsetsupoperationalcharacteristicsinaccordancewithvaluesofinstructionsintorrcfile.
Torrcfileeditingcanbecarriedoutinanelementarytexteditor:Notepad,AkePadetc.Itisdesirablethatbeforeeditingyousafeoriginaltorrcfileinthesamefolder.Forexampleyouaddtoanametheextension*.bak,*.001etc.
ForchangestotakeeffectyouneedtoreloadallTorsystemsoftware!
1.FixationofoutputorinputTornetworknode
Intercourse with Tor users shows such a nuance – by far not everyone likes constantchangeoftheirIPaddress.
ItwillberecalledthatoutputserversinTorconstantlychangeinarandommanner.Forauser it means that his/her IP is unstable. In respect to attended resource a user at anymomentcanturnfromanAmericanoraFrenchmanintolet’ssayJapanese,Hinduoranyotherperson.
Suchmethodofapproachessentiallyincreasesthelevelofanonymitybutincertaincasesisunacceptable(forinstanceduringworkwithwebsitesfixinguser’ssession).
InTorthereisapossibilitytodirectlyindicatewhichservershouldbeoutput.InsuchcaseIPwill be constant. Tor creators do not recommend acting thisway because it reducesanonymity.Hereausermustdecideforhim/herwhatismoreessentialbutIwilltellyouhowtogetridofaconstantIPchange.
YouwillhavetoeditTorconfigurationfile,itiscalled“torrc”andyoucangettoiteitherthrough “Start” -> “Programs” -> “VidaliaBundle” -> “Tor”, -> “torrc”, or find in thefolder\DocumentsandSettings\user\ApplicationData\Vidaliaorrc.Torrc–commontextfile,itisopenedbythenotepad.
Forthatintorrcwritetwolines:
ExitNodes<nodename>
StrictExitNodes1
Where:
VariableExitNodes–indicatestouseacertainserverasoutputnode
StrictExitNodes1–isanindicationthatincaseofunavailabilityofachosenserveryoudonotattempttobelinkedtootherserverbuttakeoutamistake.
Itisallowedtowriteseveralnodesseparatedbycommasor,forexample,byindicatingExitNodes{de}–thenwewillgetonlyGermanserversasoutputservers(“turninto”aGerman!).
Youcanfindnecessaryserverat:http://torstatus.kgprog.com/orhttps://torstat.xenobite.eu/
These are the lists of Tor network servers, you can select the required according tocountry,speed,traffic.Specialattentionmustbedrawntoanabilityofaservertoworkasoutput.
Itisclearthatservers,whicharenotoutputservers,willnotworkinthiscapacity.
Chooseaserverandwriteitsname(RouterName,Nickname),forinstance:
ExitNodes1000rpmLinux
StrictExitNodes1
Safechangesinconfigurationfileandthat’sall,nowIPisstatic.Itisallowedaswelltowrite several nicknames separated by commas (nickname1, nickname2, nickname3), inthiscaseoutputserverswilldynamicallychangebutbechosenfrompermitted.
Itisclearthatnetworkefficiencyinthiscasedependsonavailabilityofanoutputserver,andincaseTorstopsconnectingwithwebsites, inthefirstplaceyoushouldcheckifanoutputserverhavegonewhack.
Similarlyinputnodeisfixed:
EntryNodes<nodename>
StrictEntryNodes1
Thereisanotherhelpfulsettingofthatkind–TrackHostExitsfixesoutputnode(host)forgiven domainswhat enables to safe a session for those serverswhich check IP clients.Syntaxofrecordisthefollowing:
TrackHostExitshost,.domain,…
2.Exclusionofsuspiciousnodes
Toexcludedoubtfulnodes(forexample–Russian,Ukrainian,Turkish)youhavetoaddtotorrctheline: ExcludeNodes{ru},{ua},{tr}
Oryoucanindicateacertainlistofnames.
NowifinquisitiveguyswithgreyeyesinthosecountrieshituponanideatomakeafalseTor-serverandattempttotapoutputdatathenwecannotaccesssuchserverinanyway.
Thereisahelpfulfeatureoftorrcfile.Thisiscommentary.Tordoesnotcarryoutalineintorrcfileifalinebeginswiththesign“#”.Duetocommentariesyoucansafestoragesintorrcfileandifnecessaryquicklyswitchthemonbyremoving“#”.
3.Writingaproxy-serverinTor
AddthefollowinglinesattheendofTorconfigurationfilechanging<proxyaddress>and<portnumber>(aswellas<login>and<password>,iftheyare)intoparticularvaluesoflinkedhttporhttpsproxy-server.
#ForceTortomakeallHTTPdirectoryrequeststhroughthishost:port(or
#host:80ifportisnotset).
HttpProxy<proxyaddress>:<portnumber>
#Ausername:passwordpairtobeusedwithHTTPProxy.
HttpProxyAuthenticator<login>:<password>
#ForceTortomakeallTLS(SSL)connectionsthroughthishost:port(or
#host:80ifportisnotset).
HttpsProxy<proxyaddress>:<portnumber>
#Ausername:passwordpairtobeusedwithHTTPSProxy.
HttpsProxyAuthenticator<login>:<password>
AftercorrectingandsavingtorrcfileyouneedtorestartTor.
To check settings you can use Vidalia graphical shell or Tor-analyzer (go tohttp://check.torproject.org).
ThelistofseveralTorinstructions(settings)
EntryNodesnickname,nickname,…
It isa listofserverspreferableforuseas“input”todetermineTCP/IP-connectionswithTorroutersnodalcircuit,ifitispossible.
ExitNodesnickname,nickname,…
It isa listof servers,whichpreferably take the roleofclosing link inTor routersnodalcircuit,ifitispossible.
ExcludeNodesnickname,nickname,…
Itisalistofnodes,whichshouldnotbeusedwhenmakingupnodalcircuitatall.
StrictExitNodes0|1If it is setup in1,Torwillnotuseanykindofnodesexcept thosewhichare in the listofoutputnodesasmediatorssettingupconnectionwith targethostandwhichareapeculiarclosinglinkinnodescircuit.
StrictEntryNodes0|1
Ifthevalue1isassignedtothisparameterthenTorwillnotuseanykindofnodesexceptthose,whicharepresentinthelistofinputnodesforTornetworkconnection.
FascistFirewall0|1
If the value 1 is assigned to this parameter thenTorwhen setting up a connectionwillexclusivelyrefertoOnionRouterswhichhavestrictlydefiniteportnumbers(withwhichyourfirewallenablestoestablishconnection)opentocarryoutconnection(bydefault:80-th(http),443-rd(https),seeFirewallPorts).ThiswillallowTor,launchedonyoursystem,towork as client for firewall having strict limiting policy.Opposite statement iswrongbecauseinthiscaseTorcannotfulfillthedutiesofaserverclosedbysuchfirewall.
FirewallPortsPORTS
Thelistofportstowhichyourfirewallallowsconnecting.ItisusedonlyunderadjustedparametervalueFascistFirewall.(bydefault:80,443)(Default:80,443)
LongLivedPortsPORTS
Thelistofportsforservices,whichtendtoestablishunusuallylongconnections(amongthese are mainly chats as well as interactive shells). Nodal circuits out of Tor routers,which use these ports, will contain only nodeswithmost high uptime (typical time ofpresence in network) with the purpose of decreasing the probability of nodal serverdisconnection fromTor network before closing of flow (by default: 21, 22, 706, 1863,5050,5190,5222,5223,6667,8300,8888).
MapAddressaddress:new_address
Whenarequestfor indicatedaddresscomestoTor,onionrouterchangesaddressbeforetakinguprequestprocessing.Forexample,ifyouwantTornodescircuittobeusedduringconnection towww.indymedia.orgwith output through torserver (where torserver – is apseudonym of server), use “MapAddress www.indymedia.orgwww.indymedia.org.torserver.exit”.
NewCircuitPeriodNUMBER
EveryNUMBERofsecondstoanalyzetheconnectionstatusandtakeadecisionifanewnodalcircuitformationneedstobeinitiated(bydefault:30seconds).
MaxCircuitDirtinessNUMBER
Topermitarepeateduseofcircuit,forthefirsttimecollectedinacertaincompositionofitslinks–thebiggest–NUMBERofsecondsago,butneverjoinanewflowtoacircuitwhichservedthissessionduringquitealongtime(bydefault:10minutes).
NodeFamilypseudonym,pseudonym,…
DenominatedTorservers(inapredictablemanner,toincreaseadegreeoftransparencyofTornetworkhierarchy)uniteina“family”onthebasisofgeneralorjointadministration,soyou shouldavoidusingany2of thesenodes“relatedby family ties” inoneand thesamechainofanonymousTorrouters.SpecialtaskofoptionNodeFamilycanbeneededonlythen,whenaserverwiththispseudonymdoesnotreporttowhich“family”itreckonsitself,thatshouldbeproclaimedbymeansofindicatingtheparameterMyFamilyintorrcfileonthesideofORserver.Multipleindicationsofthisoptionareallowed.
RendNodespseudonym,pseudonym,…
Thelistofnodesthatshouldbeusedasrendezvouspoints(meeting)asfaraspossible.
RendExcludeNodespseudonym,pseudonym,…
The list of nodes that in no circumstances should be used when choosing rendezvouspoints(meetingpoints).
SOCKSPortPORT
TonotifyTorthatconnections,whichareinstalledbyapplicationsusingSOCKS-protocol,must be bugged in this port. Zero-fill this parameter if you do not need applicationsestablishing connections according to SOCKS-protocol by means of Tor. (Value bydefault:9050).
SOCKSBindAddressIP[:PORT]
Toestablishlinkagetothisaddressforhearingrequestsforconnectionfromapplicationsinteracting according to SOCKS-protocol (by default: 127.0.0.1). You may as wellindicate port (for instance, 192.168.0.1:9100), which, it is clear, should be “open” bymeans of corresponding firewall setting on a machine for a specified purpose.Determination of this option can be repeated many times to carry out simultaneous(“parallel”)linkagetoahostofdifferentaddresses/ports.
SOCKSPolicypolicy,policy,…
It assigns policies of entering a given serverwith the purpose of limiting the circle ofclients’machines,whicharepermitted toconnect theSOCKSport.Descriptionof thesepoliciesisintroducedmuchashowitisdoneforoutputpolicies(seebelow).
TrackHostExitshost,.domain,…
Foreachofvalues in the listseparatedbycommasTorwill tracerecentconnectionsforhosts corresponding to this value and will attempt to use one and the same output(locking)nodeforeachofthem.Ifanordinarylistitemisanticipatedbythesymbol“.”,then itsmeaningwill be treated as a corresponding to domain in general. If one of listitems consists of only one “point” then it displays its “universal” correspondence to allpathnames.Thisoptioncanturnout tobeuseful ifYoufrequentlyestablishconnectionwiththeserverswhichcancelallrecordsofYourfinishedauthentication(i.e.forceYoutoleave and register again) during carrying out an attempt of TCP/IP-connection addressmodificationestablishedwithoneof such serversonYournew IP-address after itsnextchange. Draw Your close attention that use of this option is disadvantageous for You,becauseitallowsservertodirectlyassociateconnectionhistory,requestedbyadefiniteIP,withYouruseraccount.Thoughbasically if anyoneneeds to collect all the informationaboutYourstayinserver,thosewhowishinanycasecandothatbymeansofcookiesorothermeansspecificforexchangeprotocolbeingused.
TrackHostExitsExpireNUMBER
Sinceservers,beingoutputlinksofnodalcircuit,areentitledtostartworkandenditatitsown discretion i.e. one way or another – arbitrarily, randomly, it is desirable, thatassociationbetweenhostandoutputnodeautomatically loses itspowerontheexpiryofsomeNUMBERofsecondsoftotalnetworkactivityabsenceonthepartofaserver.Bydefault–1800seconds(30minutes).
ThusTorcanbequiteeasilyconfiguredaccordingtocurrenttasks.
ExistentsetofTor instructions issufficientlybig.Considerationof themallexceeds thelimitsofthepresentreview.Hereonlyseveralmosttypicalvariantsofeditingandmerelyapartofinstructionsarepresented.Thefulllistandsyntaxofinstructions(inEnglish)youcanfindonTordevelopmentengineers’website.
Visithttps://www.torproject.org/tor-manual.html.en
9.TheusageonSmartphone
Ifyouareinacountrythatblockwebsites,forexample,China,maybe,youareevennotabletogetaccesstothecertainwebsites.Torallowsanonymouslylookingthroughawebandgoingroundcensorshiponadesktop.OrbotgivesTorforAndroid,soyouwillbeabletodothesameusingsmartphone.
IfyouareconnectedtothecellularcommunicationofdatatransmissionorWi-Fi-Orbotworksalso.LikethepackageofTorBrowserBundleforthepersonalCOMPUTER,itisconnectedtothenetworkofTorandallowsanonymouslylookingthroughwebpages.
Ifyouareadissidentinsuchcountry,asIran,itmeansthatagovernmentcannotfindyou,after placing of critical information in the Internet. Anonymity also allows avoidingcensorshipintheInternetandgettingaccesstothewebsites,thatespeciallyusefulinsuchcountriesasChina,wherethereissuchcensorship.IfyouareintheUSAorsomewhereintheworld,itmeansthatyourvisitsoftheInternetwillnotberelatedtoyouandkeptinthearraysofdatabasesduetoPRISMorsimilarprograms.
InthepastthisfunctionalitywaslimitedbypeoplethatusedToronthecomputers.NowyoucanbeconnectedtoToronAndroidthatallowsusingToronamobiletelephone.Inaddition topreventionof interceptyou theprovider,operatorandgovernment, thereareotheradvantagesthatisgivenbyToratmobileaccess.Forexample,youcanuseTwitteronAndroidviaTor.
SomeauthoritariangovernmentsblockedaccesstoTwitter,thatatdemocraticprotestsyouwerenotable toobtain information,butTwitteronAndroidcanbesetupon theuseofTor.ThenTwitterwillremainaccessible,evenifagovernmentblockedaccesstohim.
ConnectingtoTorthroughOrbot
Orbotisthemostessentialpartofpuzzle.ThisapplicationofAndroidisconnectedtoTorand creates local proxy that other programs can use on Your smartphone, gettingpermissiontobeconnectedthroughTor.
To tune Orbot is easy, simply set the program, open it and pass through configurationmaster.
Ifyouhaveaccesswithadministrative rightson theSmartphone,Orbot can functionastransparentproxies.Inotherwords,itcanautomaticallymakeallnetworktraffictopassthroughTor. Ifyouwilldo this route, thenkeep inmind that someprogramscan showyourrealIP-address.Inordertolookthroughanonymously,youmustuseabrowserthatiscreatedtohideIP-address.Ifyoudon’thavesuchrights-it iswell,becauseyoucanuseOrbotwithOrwebandotherprograms.
Press long on the icon of Orbot and Orbot will connect to the Tor network. An iconilluminatesgreenduringconnectingtoTor.
AnonymousbrowsingviaOrweb
SinceOrbotissetandstart,youcanusethebrowserofOrwebforanincognito.OrwebiswelladjustedforworkwithOrbotandTor.Forexample,Orwebdoesnotkeephistoryof thevisitedpagesorother informationaboutweb-sites thatyou have visited.Orweb also disconnects JavaScript and flash by default, aswellasTorBrowserBundleonadesktop.JavaScriptandflashintheorycanbeusedbyaweb-sitefordeterminationoftherealIP-addressofyoursmartphone.
ForthestartofOrwebfromwithinOrbotsimplypressontheiconofglobeinoverheadpartofscreenofOrbot.OrwebwillbeopenedandwillshowareportthatheisconnectedtoTor,ifallworkscorrectly.NowyoucanusethebrowserofOrwebforanincognito.
OtherprogramsthatworkwithOrbot
Orbotalsocanbeusedasproxy-serverforotherapplications.Anyapplicationthat supportsproxies in theorycanpass the traffic through theproxiesofTorOrbot. Nevertheless, Orbot contains the list of other programs that can beadjusted on work with him. For example, you can use for the reliablecommunication Gibberbot, for a search through Tor is application ofDuckDuckGo, to look through the Internet with Firefox for Android and byapplicationofProxyMobile,ortosettheproxiesofTwitteron“localhost”andport8118.
If you have access with administrative rights and you adjusted transparentproxies, then other applications must work with Orbot in theory, but moresafely,ifyouusetheprogramsspeciallytestedforcorrectworkwithTor.
KeepinmindthatviewingisconsiderablyslowerwhenyouuseTor,asusual,becausetheprocessofroutingaddsoverheadcosts.However,ifyouneedanonymouslytolookoveraweborgoroundcensorship,thenthisdeclineofspeedwillbeasmallpay.
10.HowtocheckToroperation?
InordertocheckhowTorensuresanonymityyouneedtogotooneofthewebsites,whichcandetermineandhighlightIP-addressandseveralotherdataaboutauser.Thelistisputbelow.
Inorder toknowyourrealIP-address–youcanenteroneof thesewebsitesexceptTor.(For example checkip.com or Tor website test page - https://check.torproject.org etc.)RememberyourIP-addressandstartchecking.
SwitchonTorandenterafewtestwebsitesoneafteranother.
In order to avoid amistake IP check always should be carried out on resources,whichreliably consider different nuances.That is to say, if anonymitywere important, then itwouldnotbesuperfluoustobeverifiedinseveralplacesnotrelyingupononeservice.
Belowarelistedlinkstothemostreliableandinformativeresources:
- The following website contains a set of various proxy server tests for anonymityincludingJava-checkhttp://www.stilllistener.addr.com/checkpoint1/index.shtml
-ThefollowingwebsitedisplaysIP-addressand(henceIP)acountryofresidence,aswellasinformationaboutaprovider:http://www.anonymize.net/current-ID.phtml
-http://smart-ip.net/-youcanlearnHTTPandSOCKSProxyaddresses
-http://ip-whois.net/,-http://clientn.free-hideip.com/map/whatismyip.php
http://smart-ip.net/tools/geoip,http :// checkip.com,http://torcheck.xenobite.eu/
If none of the test websites do not highlight a real IP-address then Tor ensured youranonymity!
Thank you very much both for downloading this eBook and for reading it from thebeginningtotheend.
Ifyouenjoyedthisbookorfoundituseful
I ‛ dbeverygratefulifyou ‛ dpostashortreviewonAmazon
Yourpost reallydoesmakeadifferenceand Icangetyour feedback&make thisbookevenbetter.