TOR | Achieving Internet Anonymity


I don't remember how I first heard about TOR. But then I was forced to use it. No! Not because I wanted to send a threat mail to the govt, but because I wanted to download stuff off a web drive that refused me downloads due to my IP. Since TOR masks your IP (among other neat things it does), I guessed I could fool the download servers into thinking that I was someone else. IT WORKED!!!

That's when TOR really got me interested. I've been using it since 2005 and am continually amazed at how the system works (thanks EFF!!). So here I share TOR with you today. While it's a great system, I would discourage you from testing it on a Govt agency. I will not take responsibility if you get yourself implicated ;)

So here's how TOR does its stuff



Though it looks pretty simple, it's not! The system is so secure that even a person running a rogue TOR node will not be able to track the origin of the request, no matter how sophisticated the packet analysis he is capable of. For a low-down on how this beautiful system works, you can listen to Steve's Podcast (Security Now - Episode 70). I have pasted part of the show notes below.


[EXTRACTED FROM STEVE GIBSON'S SESSION WITH LEO LAPORTE]

TOR is something that interests a lot of people. We talked about the vulnerability of using a single proxy as an anonymizer because in fact traffic analysis, while complicated, like in cryptographic terms it’s trivial. If you take the case of one user using a proxy, it’s obvious who they are and what sites they’re visiting because anything they do is being done on their behalf by the proxy. Okay, so now that’s easy. Now two users are using the proxy. Well, it’s a little more difficult. But by looking at the timing of the arrival and departure of packets and the relative sizes of the packets, you could still probably disambiguate the actions of two users across a single proxy.

So knowing that, this notion of a network of proxies was created. And that’s what TOR is. TOR stands for The Onion Router.

So we start with a massive network of onion router nodes. Somebody wants to create a connection through this network to a remote server. They want to use it for web surfing, they want to use it for sending messages, for email or whatever. The TOR system, which is in its second generation now, is a general purpose TCP conduit. So instead of being protocol-specific, for example like a proxy might be an HTTP web proxy and proxying web requests, the onion router system is a general purpose TCP transmission system, so you’re able to potentially run any protocols through it that you want to. The originator of a connection chooses at random some number of onion routers that are in the network. And these things, since there’s nearly a thousand of them, they’re scattered far and wide all over the globe.

[Read more at http://www.grc.com/sn/SN-070.htm]
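The single-proxy weakness described in the excerpt above (matching packets by arrival/departure timing and relative size), shown on constructed data. This is an added example, not code from the original post or the podcast; the packet records, endpoint names, the 50 ms forwarding window, and the assumption that the proxy relays packets without changing their size are all made up for illustration.

```python
from collections import Counter, defaultdict

# Constructed capture at ONE proxy: (time_s, endpoint, size_bytes).
# INBOUND = client -> proxy, OUTBOUND = proxy -> site. All values are invented.
INBOUND = [
    (0.000, "user_a", 412), (0.010, "user_b", 977),
    (0.400, "user_a", 388), (0.405, "user_b", 1203),
    (0.900, "user_a", 450), (1.150, "user_b", 964),
]
OUTBOUND = [
    (0.021, "site_x", 412), (0.030, "site_y", 977),
    (0.422, "site_x", 388), (0.428, "site_y", 1203),
    (0.924, "site_x", 450), (1.171, "site_y", 964),
]

def candidates(pkt, outbound, max_delay=0.05, use_size=True):
    """Outbound packets that could be the relayed copy of one inbound packet."""
    t_in, _, size_in = pkt
    return [o for o in outbound
            if 0 <= o[0] - t_in <= max_delay
            and (not use_size or o[2] == size_in)]

def link_flows(inbound, outbound, **kw):
    """Count client->site pairings, trusting only packets with one candidate."""
    votes = defaultdict(Counter)
    for pkt in inbound:
        cands = candidates(pkt, outbound, **kw)
        if len(cands) == 1:
            votes[pkt[1]][cands[0][1]] += 1
    return {client: dict(sites) for client, sites in votes.items()}

def mean_ambiguity(inbound, outbound, **kw):
    """Average plausible matches per inbound packet (1.0 = every packet linkable)."""
    total = sum(len(candidates(p, outbound, **kw)) for p in inbound)
    return total / len(inbound)

if __name__ == "__main__":
    for use_size in (True, False):
        print("size signal used:", use_size,
              "| ambiguity:", round(mean_ambiguity(INBOUND, OUTBOUND, use_size=use_size), 2),
              "| links:", link_flows(INBOUND, OUTBOUND, use_size=use_size))
```

With both signals every packet has exactly one match; dropping the size signal leaves the overlapping packets ambiguous, which is the direction a defence has to push: more users and fewer distinguishing features per packet.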
