TOR (The Onion Router) is a free tool for making your web traffic completely anonymous. With a jailbroken iPhone, you can use it for safety on the go. You need: -A jailbroken iPhone with cydia.Sn internet connection. Tor is the onion router, and its job is to look after the journey that your network traffic takes along the way, whether you’re running a browser that’s making requests, or operating a server.

A 3 minute read written by
Lars-Erik Wollan

Does the US government sponsor the development of the darknet? What is The Onion Router project and why should you be anonymous on the internet?

Today most users of the internet have, to some degree, understood that their activities are traceable and there is probably someone that can see what you did, when you did it, even if your iPhone has private browsing enabled. Others do not, and could not care less. “I have nothing to hide”

When, what we know of today as the net, was developed, we have a sneaking suspicion that the inventors were more than happy that it actually worked, than they were worried about security and privacy. Imagine the sheer joy that sending packets over networks actually worked in the late seventies. Using simple, but neatly designed, protocols, they were able to route packets across the world. Security was not high on their agenda.

Today however, we use the internet for far more than anyone of the original researchers could have foreseen. The net is used for just about anything, from doing business, reading news, communicating and let’s not forget, watching cat videos on social media. The global nature of the internet gives anyone, anywhere in the world, the freedom to publish content, from palm of their hand.

The fair share of the internet is happy post their selfies and send the mandatory “happy birthday” greeting on Facebook. There are however locations and situations where the consequences of posting news an oppressive regime or leaking documents, which proves misconduct by authorities, can be dangerous or even illegal. Fake news and false leaked documents are a rising problem, but we must not under estimate the effect organizations such as WikiLeaks and individuals like Chelsea Manning and Edward Snowden have had on our understanding of the world we live in. Before the prevalence of the internet, leakers and inside sources had to find journalists, and a newspaper, that were willing to publish their information. Publishing information on the internet should in theory be easy, but many major platforms have limitations on what content they will let their users publish. The operators of these networks can also be ordered by law enforcement to give out information about the source of the content.

Sometimes you need the option to be anonymous. The Onion Router, known as TOR, is a network where the traffic is routed via a number of special TOR nodes to conceal where the traffic originates and the traffic is encrypted. Each time the traffic bounces through the nodes, is encrypted, like layers in an onion. In the onion network the traffic cannot, easily, be eavesdropped. When the traffic leaves the onion network, through an exit node, is will be routed like normal internet packets. The overhead with encrypting and bouncing via the onion nodes reduce the throughput of the onion network, so that using TOR for everyday usage is not a pleasant experience.

Many of the ideas behind the onion router was developed by employees of the United States Naval Research Laboratory in the late 80-ties. The American government continued to sponsor the development via different organizations. However, in 2004, the source code was transferred to the Electronic Frontiers Foundation, which did much the fiscal sponsorship of the TOR project. Today the development is funded by a wide range of companies and organizations and releases are made available for users and researchers.

Today TOR is probably associated with more shady activities by criminals, hacktivists and services as the now defunct Silk Road. But not even TOR is a guarantee that someone can intercept your messaging or avoid you being tracked on the net. Evidence provided by Edward Snowden has shown that nation agencies such as the FBI has attacked use of the TOR network.

Maybe you do not need to be anonymous on the internet, maybe the technology can be abused and maybe it is not 100% secure, but it is good to know that we have bright minds working on solutions for these problems. If you want to play around with onion routing and have a spare Raspberry Pi laying around, you can transform it to a TOR network router. Check out this link.

Happy privacy.

The headline image above is a cool visualisation from OnionScan #3.
It represents the surprising degree of “connectedness” inside Tor.

These days, most of us are well aware of how readily we can be tracked online.

Let’s ignore for the moment all the concerns we have about data breaches, surveillance, nation-state hackers, backdoors and so on.

Even in the most honest and well-meaning parts of the online world, we leave behind digital breadcrumbs that give away plenty of information about our likes, our pet peeves, the bus we usually take to work, and the browser we like best.

A few simple behaviours can limit the extent that we get tracked, such as turning off location services on our phones, regularly clearing our browser cookies, and taking the trouble to log out of our favourite social network sites when we’re not actually using them.

Occasionally however, we want to be really anonymous, and to keep our heads well below the parapet.

Indeed, online anonymity isn’t just for crooks, activists and whistleblowers.

Why use Tor?

If you think a web site is legitimate, but you’re not completely sure and would like to “try before you buy,” why not take an incognito look first, shielding your name, your IP number, even your country?

If you’re investigating a website that you think has ripped off your intellectual property, why advertise who you are?

If you want to know more about unexceptionable topics that it would nevertheless be best to keep private, such as medical issues, lifestyle choices or a new job, why shouldn’t you keep your identity to yourself?

Similarly, if you want to offer online services to help people with those very issues, you’d like them to feel confident that you’ll do your best to uphold their privacy and anonymity.

As we’ve mentioned many times on Naked Security, Tor (short for The Onion Router) is one popular tool for doing just that.

Tor’s “onion routing” deliberately and randomly bounces your web browsing traffic through a widely distributed network of nodes run by volunteers, so that no indiviual node in the Tor network knows both where your traffic started and where it finished up.

Crooks love Tor, of course, because it helps them hide in plain sight, and it helps them keep their servers going even after law enforcement investigators start searching for them to knock them offline or confiscate the data.

(If you are running a ransomware racket, for example, you lose hundreds of dollars for every victim who tries to contact you to pay up but can’t connect.)

How private and anonymous is Tor?

We’ve already written about the damage to your privacy that can be caused by Tor nodes that aren’t honest, or that have been hacked by dishonest users.

When your Tor traffic goes into the “onion network,” the first node in the list that you connect to, known as an “entry guard,” knows where you’re connecting from; you can’t easily avoid that.

And if your traffic emerges out of the onion network at the other end, the last Tor hop, or “exit node“, knows where you went, even if it doesn’t know who you are yet.

The onion router project

But that’s not all.

Tor is the onion router, and its job is to look after the journey that your network traffic takes along the way, whether you’re running a browser that’s making requests, or operating a server that’s generating replies.

Tor doesn’t look after the contents of your network traffic.

If you give away your name in a web form, or if your server identifies its location in one of its replies, Tor won’t dig into your traffic and “fix” the offending data.

In fact, for as long as your traffic is inside the onion network, Tor can’t see what’s in your packets at all, thanks to encryption.

That makes it hard to tell how careful the operators of your favourite dark web services are.

OnionScan #3

With this in mind, a privacy researcher in Canada recently published the third in a series of reports known as OnionScans:

The Onion Router Free

The aim of these reports is to provide an accurate and up-to-date analysis of how anonymity networks are being used in the real world.

If you use Tor, even for completely uncontroversial online activity, you should take a look at this report.

There are some interesting surprises in there.

By connecting to as many Dark Web services as they could find and looking for common factors in the boilerplate details of the replies that came back, the researchers were able to figure out which servers shared the same hosting company.

For example, when you login to a remote server using the SSH protocol (short for Secure Shell), the server sends you a public encryption key to use in keeping your traffic confidential.

Ideally, when a single server farm is providing SSH services for multiple customers, it will use a unique public/private keypair for each customer, but that’s always not what happens: a single private key is often shared amongst all the SSH instances.

As long as the server keeps its one-size-fits all private key secure, everyone is safe against eavesdroppers, so this is an acceptable convenience.

But it’s not much good inside Tor, because the shared public key ties those customers needlessly together in a way that is bad for privacy and anonymity.

The Onion Router Project

(In OnionScan #3, nearly a quarter of the SSH servers found within the Tor network shared a single SSH key, and were therefore hosted by a single operator – a much less varied ecosystem than you might have thought.)

Similarly, the researchers found that many FTP servers inside Tor had left identifying details in their login banners – the “welcome message” that the server displays when you first connect.

That’s a bit like answering your telephone to someone who’s never called you before by giving your full name slowly and clearly, instead of just saying “Hello,” and then wondering how the caller knows who you are.

What to do?

The onion router project

If you’re planning to use Tor, whether to run a client or a server, remember an old but simple saying: “Loose lips sink ships.”

Tor disguises the route that your traffic takes, but it doesn’t stop you saying or giving away things you didn’t mean to.

A good place to start for advice is Tor’s own FAQ, notably the section entitled Does Tor remove personal information from the data my application sends?

As for whether you should read the Tor FAQ using Tor itself…

OS X Mountain Lion (version 10.8) is the ninth major release of macOS, Apple Inc.' S desktop and server operating system for Macintosh computers. OS X Mountain Lion was released on July 25, 2012 for purchase and download through Apple's Mac App Store, as part of a switch to releasing OS X versions online and every year, rather than every two years or so. If you need to purchase Mac OS X 10.7 Lion, you may order it from this page. The most current version of OS X is OS X 10.9 Mavericks. To learn more, please click here. What do you receive: An email with a content code for the Mac App Store. Note: Content codes are usually delivered within 1 business day but may occasionally take longer. The use of content codes and redeemed software is subject. Upgrade mountain lion to catalina. May 16, 2020 OS X 10.8.5 Mountain Lion signifies a different landing on Apple’s chip towards regular OS X updates: Mountain Lion is truly unique in boasting some exceptional features to the world of the desktop operating system. In terms of newly added features, Apple’s ninth major hit would certainly carry the day over previous releases. Learn how to set up and use macOS. Find all the topics, resources, and contact options you need for macOS. Oct 19, 2020 Or you can get the latest macOS Catalina on the App Store for other versions including High Sierra (10.13), Sierra (10.12) or El Capitan (10.11). If you’re using Lion (10.7) or Mountain Lion (10.8), you will need to upgrade to El Capitan (10.11) first before you could upgrade to macOS Catalina.

…that’s one to decide for yourself.

The Onion Router Dark Web