Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: Alternatives To Tor Browser Bundle For Windows?

timothy posted more than 3 years ago | from the send-your-answer-via-smart-missile-please dept.

Privacy 201

SonnyJim writes "I frequently use Tor for my anonymous browsing needs, via the Tor Firefox bundle for Windows. I noticed that there are many other applications out there that use Tor as a proxy as well (Janus VM, ChrisPC, etc.) Are any of them more secure than the original Tor bundles, or am I just wasting my time trying these other applications? Is there anything more secure than Tor, as far as anonymous browsing goes?"

cancel ×

201 comments

Sorry! There are no comments related to the filter you selected.

Tor (5, Insightful)

x*yy*x (2058140) | more than 3 years ago | (#36064628)

I personally find it funny when people use Tor and then leave behind the same cookies, the same user-agent, LSO and Flash cookies, same system configuration, same screen size, same fonts, same installation and versions of plugins, same MAC address, don't change DNS servers and countless amount of other things that make it very easy to identify your other activity or what you're doing. Especially to Google via Google Analytics.

Nevermind also that half of the TOR network end nodes are monitored and sniff your traffic and can modify your browsing session in various ways. Just imagine the fun when you happen to use an end node that serves you a drive-by download exploit instead of the page you requested.

Re:Tor (3, Interesting)

clang_jangle (975789) | more than 3 years ago | (#36064696)

I personally find it funny when people use Tor and then leave behind the same cookies, the same user-agent, LSO and Flash cookies, same system configuration, same screen size, same fonts, same installation and versions of plugins, same MAC address, don't change DNS servers and countless amount of other things that make it very easy to identify your other activity or what you're doing. Especially to Google via Google Analytics.

Nevermind also that half of the TOR network end nodes are monitored and sniff your traffic and can modify your browsing session in various ways. Just imagine the fun when you happen to use an end node that serves you a drive-by download exploit instead of the page you requested.

You have some good points, though some of those concerns are easily addressed in your privoxy config. I use tor regularly BTW, and am impressed with its performance compared to a few years ago. I don't drink the kool-aid, but between privoxy and tor you can certainly avoid being tracked by all but the most devoted bad guys. However, if someone competent is targeting you specifically you're screwed no matter what you use, unless you're an uberhacker with access to some heavy hardware.

Re:Tor (2)

ibsteve2u (1184603) | more than 3 years ago | (#36064868)

I don't drink the kool-aid, but between privoxy and tor you can certainly avoid being tracked by all but the most devoted bad guys. However, if someone competent is targeting you specifically you're screwed no matter what you use, unless you're an uberhacker with access to some heavy hardware.

Didn't you know? Is "the good guys" doing the most tracking these days.

lolll..and as a rule you're paying them to watch you.

Re:Tor (1)

clang_jangle (975789) | more than 3 years ago | (#36064912)

Sounds like you're confused. There are no "good guys" trying to track me, only pragmatic reasons I might chose to allow some limited tracking for some limited time (like for street navigation). The "bad guys" are by definition whomever is trying to track you.

Re:Tor (3, Interesting)

lostthoughts54 (1696358) | more than 3 years ago | (#36065010)

what he means is the old good guys are our new bad guys. and good guy doesn't exist anymore, only you vs. them.

Re:Tor (0, Flamebait)

ibsteve2u (1184603) | more than 3 years ago | (#36065014)

Sounds like you're confused.

Long as you're aware that someone competent that has uberhardware - much of which is not even available on the open market - is tracking you.

By the way: Did you observe how I did that without incorporating a juvenile insult?

Re:Tor (-1, Flamebait)

clang_jangle (975789) | more than 3 years ago | (#36065232)

By the way: Did you observe how I did that without incorporating a juvenile insult?

I believe you mean, "without a juvenile insult until the last line, at which point I revealed my hyper-sensitivity and irrationally accused you of a juvenile insult"?

Yes, good job. ;)

Re:Tor (-1, Flamebait)

ibsteve2u (1184603) | more than 3 years ago | (#36065394)

Interesting ego you have there. I bet you have to feed it a lot.

Re:Tor (-1)

Anonymous Coward | more than 3 years ago | (#36065548)

You don't understand much of what you read, do you?

Re:Tor (0)

clang_jangle (975789) | more than 3 years ago | (#36065944)

Please quote the "juvenile insult" you imply I made -- and it needs to be an exact quote, not some biased paraphrasing of what I really said.

Re:Tor (0)

ibsteve2u (1184603) | more than 3 years ago | (#36066520)

Rather than extend this thread and have more people wasting mod points modding down, let me just say that rather than "Sounds like you're confused.", you might have tried "I wasn't clear; although I said 'bad guys' and so implied the existence of 'good guys', that was not my intent." Seems a bit more efficient than assuming that the reader counts telepathy among their skills.

Over and out.

Re:Tor (0)

clang_jangle (975789) | more than 3 years ago | (#36066704)

Oh, well so sorry I triggered your neuroses and failed to fall in line with your belief system. Criminy Crumpets!

Re:Tor (1)

Opportunist (166417) | more than 3 years ago | (#36065264)

...for different definitions of "good"...

Re:Tor (2)

ibsteve2u (1184603) | more than 3 years ago | (#36065490)

Might, perhaps, have been best to leave out the adjective "bad", which implies the existence of "good" and so leads those of us who are foolish enough to take someone literally into hypothesizing the existence of an anode in their cathode-only universe.

Re:Tor (0)

Anonymous Coward | more than 3 years ago | (#36065904)

Might, perhaps, be a tad more clear in one's communications. What are you, schizophrenic?

Re:Tor (1)

causality (777677) | more than 3 years ago | (#36066092)

Might, perhaps, have been best to leave out the adjective "bad", which implies the existence of "good" and so leads those of us who are foolish enough to take someone literally into hypothesizing the existence of an anode in their cathode-only universe.

Why would you want to accommodate foolishness and make it more comfortable? It doesn't lead to fewer fools.

Re:Tor (0)

Anonymous Coward | more than 3 years ago | (#36065416)

VM the os, new browser, change always, random mac.. tor

Re:Tor (2)

WrongSizeGlass (838941) | more than 3 years ago | (#36064698)

Nevermind also that half of the TOR network end nodes are monitored and sniff your traffic and can modify your browsing session in various ways. Just imagine the fun when you happen to use an end node that serves you a drive-by download exploit instead of the page you requested.

At least it will arrive securely and anonymously - and isn't that what it's really all about? ;-)

Re:Tor (4, Informative)

Anonymous Coward | more than 3 years ago | (#36064702)

I personally find it funny when people use Tor and then leave behind [...]same MAC address, don't change DNS servers [...]

Proof that you know less about this than you think you do. MAC addresses become irrelevant after the first network layer hop or an application layer gateway like TOR. Also TOR acts as a socks 5 proxy and will resolve names for you, again the the DNS settings are irrelevant.

Re:Tor (2)

x*yy*x (2058140) | more than 3 years ago | (#36064776)

DNS resolving depends on settings. You're correct about MAC addresses, but it's good to remember them too since they are still somewhat relevant if you really want good anonymity.

Re:Tor (2)

icebraining (1313345) | more than 3 years ago | (#36064864)

DNS resolving depends on settings.

TorButton - included in the bundle - configures Firefox to use Tor for DNS (using the SOCKS proxy).

Re:Tor (1)

kwark (512736) | more than 3 years ago | (#36065292)

By using TOR directly your browser may be giving away clues to your identify. By using privoxy some identity stuff may get filtered but instead you may be leaking information by DNS (especially if you are on an untrusted network). Torifying UDP is IMHO a PITA.

Re:Tor (1)

causality (777677) | more than 3 years ago | (#36066200)

By using TOR directly your browser may be giving away clues to your identify. By using privoxy some identity stuff may get filtered but instead you may be leaking information by DNS (especially if you are on an untrusted network). Torifying UDP is IMHO a PITA.

The solution is to configure your browser to not provide such information in the first place, even when you're not using Tor. Those few cookies etc. you may need to use certain sites can be limited to a handful of specific sites and made quite temporary in nature.

I never saw any good reason why HTTP Referrers and user-agent headers were ever included in the HTTP spec in the first place. The first is extraneous information and the second is contrary to a Web based on open standards (and tends to help malicious sites know which exploits to use). Both of those are easily removed or faked as well. I like to use the RefControl add-on to always give a site its own main page as the referrer.

Re:Tor (2)

blincoln (592401) | more than 3 years ago | (#36066694)

"I never saw any good reason why HTTP Referrers and user-agent headers were ever included in the HTTP spec in the first place. The first is extraneous information and the second is contrary to a Web based on open standards (and tends to help malicious sites know which exploits to use)."

The referrer is useful for a number of reasons. Beyond the obvious one (statistical information), this is helpful for setting up mechanisms to help prevent people hot-linking to images (or other content) on your site. For people who have transfer caps or surcharges, it's really frustrating to have a significant part of that taken up by people who hot-link to your images for use as forum icons or other heavily-used things which don't benefit your site in any way.

re: the user-agent header - just because the web is supposedly based on open standards doesn't mean users should all get the same content. Ideally they should all be able to *choose* to access the same content, but most people are going to be happier if a website detects that they're using a smartphone and sends them a version of the content optimized for display on a smaller screen.

Re:Tor (1)

flowwolf (1824892) | more than 3 years ago | (#36066010)

No. They're not relevant. Your mac address isn't part of the tcp/ip at all. Hell its not even part of the network layer. Its a layer 2 protocol. It will only ever show up to systems on the same subnet and shouldn't even be considered regarding wide internet anonymity. Also, did you know that about half of statistics are made up on the spot?

Re:Tor (3, Insightful)

Hazel Bergeron (2015538) | more than 3 years ago | (#36064828)

Except, of course, if you're running wireless. Then MAC addresses are recorded by various data gatherers and used, among other things, for that Google location guesser thing.

Of course, it's OK if you never speak wireless in the clear and always use an encryption protocol which will never be found insecure in the future.

Re:Tor (1)

Anonymous Coward | more than 3 years ago | (#36065082)

That's not true either. No matter what OS you are running there is a way to present an incorrect MAC address (ideally you should use a different one every time you log in - generated randomly). Since it is a gigabit+ address space and is only used locally, just use a random 48 bit number. The protocol stacks just want a locally unique 48 bit number. Chance of replicating a local address is approximately zero.

This is one reason wireless MAC filtering is weak protection. It is trivial to spoof a wireless MAC address and a wireless network traffic can be monitored (for legal MAC addresses).

MAC Address location (0)

Anonymous Coward | more than 3 years ago | (#36065298)

Well, yes and no. MAC addresses are used for the fake GPS found in lots of products, but it's not accurate and the collection works via specialized applications, not browsers. (Plugins excepted)

MAC GPS is essentially done by multiple gathering systems that contain GPS technology to provide 'GPS like reporting' to devices that do not have GPS. However, all it takes is one house to randomize MAC addresses, or clone one in use on the other side of the country, to degrade the locators.

Re:Tor (2)

Jane Q. Public (1010737) | more than 3 years ago | (#36066926)

Which is exactly why, if you REALLY want to be "anonymous", you simply spoof your IP and MAC addresses (ridiculously easy to do in most cases) and use somebody's open wifi.

Re:Tor (1)

jvillain (546827) | more than 3 years ago | (#36065806)

Once some one has your mac address (assuming they have the real one) they know the manufacturer of your device. From there they can figure out where it was sold and they tie that to a credit card or bank card if you didn't pay cash. If they can tie your mac to some where that you signed up for an account you are also fingered. Every where you go on line no matter how you got there leaves a trail of things that quickly narrow the field of candidates. Your crazy if you think there is anonymity on line.

Re:Tor (2)

smellotron (1039250) | more than 3 years ago | (#36066042)

Once some one has your mac address (assuming they have the real one) they know the manufacturer of your device. From there they can figure out where it was sold and they tie that to a credit card or bank card if you didn't pay cash.

Are you telling me that if I tell you 00:50:ba:* you can identify where I bought my NIC [dlink.com] ? And you can tie it to my credit card? You must be a spook in full collusion with D-Link (for the credit card and inventory records), in which case the mac address reveal is probably the least of my worries. If you look in my windows while you're wardriving, you might even see me, too!

Re:Tor (0)

Anonymous Coward | more than 3 years ago | (#36066560)

Again, it's irrelevant. MAC addresses operate on a different network layer. Just accumulating such arguably identifyable technical characteristics into a scary lists doesn't change the fundamental principle that they are not used in TOR.

Re:Tor (1)

Jane Q. Public (1010737) | more than 3 years ago | (#36066946)

You're really, really reaching. I would guess that you could actually do this in maybe 1 case out of 10,000. MAC addresses are assigned to the network card manufacturer. They are (often) installed in your computer on a Pacific Island somewhere, and shipped to the United States, where they are then further distributed far and wide.

The odds that anything like your credit card number would be associated with your MAC address, in any place that it could, as a practical matter, be found, is vanishingly small.

Re:Tor (5, Informative)

cdp0 (1979036) | more than 3 years ago | (#36064716)

Use TorButton [mozilla.org] then (the Windows bundle includes it IIRC). AFAIK it solves most of the problems you mentioned. If you are using Firefox 4 then you need the alpha version from here [torproject.org] .

Add to that BetterPrivacy [mozilla.org] , and you should be much harder to track.

Re:Tor (4, Funny)

93 Escort Wagon (326346) | more than 3 years ago | (#36064764)

I personally find it funny when people use Tor and then leave behind the same cookies, the same user-agent, LSO and Flash cookies, same system configuration, same screen size, same fonts, same installation and versions of plugins, same MAC address, don't change DNS servers and countless amount of other things that make it very easy to identify your other activity or what you're doing.

I solved this problem simply by finding out what your user-agent, LSO and Flash cookies, system configuration, screen size, fonts, plugins, MAC address, and default DNS servers were. Now whenever I'm on Tor I pretend to be x*yy*x - so I'm golden.

Re:Tor (-1)

Anonymous Coward | more than 3 years ago | (#36064778)

I personally find it funny when people commit suicide. Think you could give me a few laughs?

Re:Tor (3, Interesting)

burni2 (1643061) | more than 3 years ago | (#36064932)

But mostly you can identify tor-users which are not having all plugins switched off, by a java applet which acts as a beacon* , also if you have switched it off in your Firefox, it get's reactivated by every juscheded update ;)

But I also want to point the attention to the lately added
local web storage in the current generation of browsers, like Opera and doing a picture search in opera and just check the link of the thumb nail you will be interested So the question is how long will it take till it get's abused for traking

"data:image/jpg;base64,/.*CONTENT*."

*(udp connection, even through DNS/53 port some PSFs don't catch outgoing connection on this port and won't bring the fact to your attention)

Re:Tor (0)

Anonymous Coward | more than 3 years ago | (#36066320)

a java applet which acts as a beacon* , also if you have switched it off in your Firefox, it get's reactivated by every juscheded update ;)

Perhaps in the Windows world a software update that actually goes into your user's application settings and overrides them is considered normal and acceptable but this doesn't happen to user applications under Linux. System updates are not going to touch the contents of your users' home directories which is where things like Firefox settings are stored. The difference of course is that Windows knows what's good for you, after all you might be a clueless idiot so it's "appropriate" to treat every user that way. Who cares if you already expressed your preference in the existing config, right? Naturally the nice centralized database known as the Registry makes that easy for them.

*(udp connection, even through DNS/53 port some PSFs don't catch outgoing connection on this port and won't bring the fact to your attention)

That would fail on my system. I run my own little caching DNS server and my firewall is default-deny. The traffic on UDP port 53 is limited to only the specific IP addresses of the root DNS servers.

If your PSF can't do that, you should ditch it and replace it with a real firewall.

Re:Tor (1)

vlm (69642) | more than 3 years ago | (#36065214)

I personally find it funny when people use Tor and then leave behind the same cookies, the same user-agent, LSO and Flash cookies, same system configuration, same screen size, same fonts, same installation and versions of plugins, same MAC address, don't change DNS servers and countless amount of other things that make it very easy to identify your other activity or what you're doing.

If someone is trying to block web browsing by installing a cruddy blocker or whatever, but are not smart enough to block tor connections (think, hotel, restaurant, etc) then tor is a massively overcomplicated proxying solution.

Re:Tor (0)

Anonymous Coward | more than 3 years ago | (#36065242)

https://www.torproject.org/about/torusers.html.en

Tor was created as a way for the US military to have secure communications while agents are abroad. It has been shown that tor exit points can capture any data coming out of the network. I'm not saying that tor is a way for the US government to get people to send encrypted traffic through military super computers for later monitoring or anything but x*yy*x might have a point.

Re:Tor (1)

Weezul (52464) | more than 3 years ago | (#36065508)

It's called the tor "browser bundle" for a reason. You never use your default browser under Tor.

Yeah, end node sniffing must be addressed through https-everywhere or a vpn of course.

Re:Tor (4, Informative)

Anonymous Coward | more than 3 years ago | (#36065966)

Easy to fix when you use user agent switcher, ghostery, better privacy, noscript, google sharing, cloned mac addresses and torbutton.

Check out http://www.decloak.net to see how anonymous you are.

It's hard to beat Tor for anonymous public web browsing, but i2p [i2p2.de] is already a better darknet.

Re:Tor (0)

Anonymous Coward | more than 3 years ago | (#36067094)

I thought that the MAC address only went to the next hop, or am I wrong?

OperaTOR (2)

webmistressrachel (903577) | more than 3 years ago | (#36064640)

The best TOR bundle, includes portability, non-root / admin user required, and no cookies etc. between sessions.

All settings are defaulted safe for Tor.

Re:OperaTOR (2, Informative)

Anonymous Coward | more than 3 years ago | (#36064780)

Does it have functionality similar to Firefox with TorButton [torproject.org] ? Otherwise I assume it offers weaker privacy.

Btw, according to this link [archetwist.com] OperaTor is not maintained anymore, and it was replaced by YAPO [archetwist.com] which does not support Tor.

Re:OperaTOR (1)

webmistressrachel (903577) | more than 3 years ago | (#36064924)

Damn... on your first point, no it's stronger because it includes Polipo and Privoxy, which route DNS requests over Tor...

However, despite me using it religiously for years now, you are correct that it's now been deprecated? Why? I don't have to skills to maintain it, and it's something I am sure lots of people have used as their first step to anonymity... it should be maintained. :-(

VPN? (1)

fysdt (1597143) | more than 3 years ago | (#36064656)

What about a free/paid VPN connection?

Re:VPN? (2)

icebraining (1313345) | more than 3 years ago | (#36064788)

VPN is only one hop between you and any server, so they know both who you are (especially if it's paid), what IPs you connect to and any unencrypted traffic.

If you trust them more than your ISP, sure, but I think it's far from anonymous, even when compared to Tor.

Re:VPN? (1)

x*yy*x (2058140) | more than 3 years ago | (#36064822)

Well, you can use several VPN's between. That way the traffic that goes encrypted between you and first VPN won't leave unencrypted there. But yeah, you always have to trust the person or company that keeps it.

Re:VPN? (1)

fysdt (1597143) | more than 3 years ago | (#36064826)

By default the MS PPTP client supports VPN chaining. The last VPN hop would send unencrypted data (comparable to a Tor exit node) which is afaik unavoidable.

Re:VPN? (1)

kwark (512736) | more than 3 years ago | (#36065360)

It is simpeler to run TOR on both ends and use VPN between the client and the hidden service (OpenVPN in TCP mode should work). That way the traffic should never leave the tor network.

they're not here (0)

Anonymous Coward | more than 3 years ago | (#36064810)

Anyone who's remaining completely anonymous online wouldn't risk a visit to a clearnet site like slashdot and comment.

Re:they're not here (1)

Runaway1956 (1322357) | more than 3 years ago | (#36065554)

virtual machine, dude. My virtual machine doesn't come to slashdot . . .

Logic Fail (0, Redundant)

Anonymous Coward | more than 3 years ago | (#36064818)

I frequently use Tor for my anonymous browsing needs, via the Tor Firefox bundle for Windows . .. is there anything more secure than Tor, as far as anonymous browsing goes?

So, you want to use a compromised OS and somehow tack privacy on top? Doesn't work that way, sorry.

I don't get Tor (2, Interesting)

Hazel Bergeron (2015538) | more than 3 years ago | (#36064888)

Can someone explain to me why someone who is monitoring sufficient backbones and running sufficient Tor nodes himself can't just watch a packet stream being bounced between Tor nodes?

Then there are people using Tor really dumbly [inria.fr] such that you don't even need a three-letter acronym to work out who it is.

Re:I don't get Tor (3, Informative)

betterunixthanunix (980855) | more than 3 years ago | (#36064958)

Can someone explain to me why someone who is monitoring sufficient backbones and running sufficient Tor nodes himself can't just watch a packet stream being bounced between Tor nodes?

This is one of many known attacks on Tor, and is the reason why as many people as possible should be running Tor relays, entry nodes, and exit nodes. This is also why Tor circuits are periodically changed by the client. In general, though, it is possible for someone who can monitor a large enough fraction of the Tor network to break the anonymity of the system, even if they cannot control the nodes themselves.

Re:I don't get Tor (2)

Nimey (114278) | more than 3 years ago | (#36065152)

I'd thought about running a Tor entry/exit node, but I really don't want to get dinged for someone else looking at kiddie porn and using me as an exit point. The authorities won't know the difference, and might not even care.

Re:I don't get Tor (0)

Anonymous Coward | more than 3 years ago | (#36065306)

To date, not a single case has been bought against anyone running a tor exit node.

Re:I don't get Tor (1)

Anonymous Coward | more than 3 years ago | (#36065354)

That might be the case, but I don't think he wants to risk being the first one. All it takes is an overzealous prosecutor.

Re:I don't get Tor (0)

Anonymous Coward | more than 3 years ago | (#36065846)

Better not own a house, then. All it takes is one overzealous lawyer and a clumsy doorbell ringer. Oh, and don't rent, either. One overzealous landlord. Walking down the street? One zealous gang-banger. Driving? 5000 zealous drivers.
And what do you do when you breathe in a patented organism and it breeds in your lungs? One zealous corporate attorney...

Re:I don't get Tor (1)

Nimey (114278) | more than 3 years ago | (#36066630)

You just went full retard. Never go full retard.

Re:I don't get Tor (3, Informative)

Hazel Bergeron (2015538) | more than 3 years ago | (#36065422)

I recall a raid in Germany [wordpress.com] . Depending on police behaviour and accessibility of records, in some countries that can be as harmful as a conviction (e.g. if you're working in a job with vulnerable people).

Re:I don't get Tor (0)

Anonymous Coward | more than 3 years ago | (#36065542)

Yea- even not so vulnerable people or no people at all.

Re:I don't get Tor (2)

betterunixthanunix (980855) | more than 3 years ago | (#36066218)

To date, not a single case has been bought against anyone running a tor exit node.

...and yet your life can be ruined just because you were arrested for "downloading child pornography."

Re:I don't get Tor (0)

Anonymous Coward | more than 3 years ago | (#36066526)

There are websites that block access from suspected Tor nodes.

Re:I don't get Tor (1)

westlake (615356) | more than 3 years ago | (#36065178)

Can someone explain to me why someone who is monitoring sufficient backbones and running sufficient Tor nodes himself can't just watch a packet stream being bounced between Tor nodes?

I've asked the same question about Freenet.

The network depends on users volunteering to route and store high-risk traffic. The files may be in fragments and encrypted. But if your client application, node or supernode is exposed, the consequences may be - unpleasant.

That is not a problem for the three-letter agency, foreign or domestic that can build depth by running tens of thosands of nodes and supernodes, if it chooses.

Re:I don't get Tor (1)

Jane Q. Public (1010737) | more than 3 years ago | (#36067020)

"The network depends on users volunteering to route and store high-risk traffic. The files may be in fragments and encrypted. But if your client application, node or supernode is exposed, the consequences may be - unpleasant."

If you are in the U.S., these assumptions are quite incorrect, in at least a couple of ways.

You are volunteering to take on anonymous traffic, not "high-risk" traffic. There is a very big difference. In effect, you are serving as a "common carrier", and you enjoy the same legal protections as any ISP. In other words, you are only carrying traffic, you are not looking at it in any way, or even accessing it, much less altering it, yourself. You are only a relay. You have nothing to do with the actual content, so you cannot be held liable for that content.

Legally, even if illegal traffic passed through your node, law enforcement has no reason to even look at you twice. Their beef, if any, is only with the source and destination of that traffic. You are further protected by the very nature of Freenet itself: all traffic is encrypted, and it is highly unlikely you would be able to decipher any of that content, even if you wanted to.

Also, the volume of your traffic has absolutely nothing to do with the legality of your actions. You have the same legal protections as Time Warner, or AOL, or Comcast.

Re:I don't get Tor (1)

Larryish (1215510) | more than 3 years ago | (#36066284)

From your link:

... In this paper, we show that linkability allows us to trace 193% of additional streams...

193 percent?

Really?

Re:I don't get Tor (1)

DamnStupidElf (649844) | more than 3 years ago | (#36067050)

I've always thought it would be nice if the russians or nigerians or chinese would just run Tor on their botnets. I know they probably don't really care for freedom of speech or privacy (in fact, they would like to reduce most people's privacy in terms of financial credentials...) but that is the level of distribution necessary to thwart network analysis. Store-and-forward of all anonymized traffic with random delays and random traffic bursts generated to mask legitimate traffic is essentially the only way to go. Even better if your local gateway just "happens" to be infected with such a botnet client, generating its own stream of random anonymized traffic for plausible deniability.

Alas, it's probably up to some grey-hat hackers to care enough to put something like this together and implement it and keep it running.

A better alternative.. (1)

spaceplanesfan (2120596) | more than 3 years ago | (#36064894)

Just stop trolling :-)

Re:A better alternative.. (0)

Anonymous Coward | more than 3 years ago | (#36065358)

No, the troll here is the people acting like Firefox is the best browser out there for Windows, OSS or no. I was so glad to get rid of FF on all but one of my systems and I keep it on the one just so I'm not talking out of my ass about it unlike the fanbois who haven't tried IE since 5.5 but still claim they "know" that it sucks.

Hands down Chrome is the best browser for Windows today. Even IE has made modest but noted gains on the once mighty FF.

Firefox is a husk of what it use to be and a disgrace compared to what it could be today.

Re:A better alternative.. (1)

spaceplanesfan (2120596) | more than 3 years ago | (#36065690)

No, I was going for Funny moderation.
I suggested to stop using Tor, cause you know, its probably was used for trolling.
Its of course just a joke, no offence.

more truth than you know (0)

Anonymous Coward | more than 3 years ago | (#36066904)

As a webmaster for a moderately visited site, I can say I've had nothing but headaches with people using tor for trolling. My solution was to block everything tor. There are plenty of blacklists for tor simply because of the troll abuse. What you end up with is a scenario where, as tor becomes more useful, more trolls will use it, then more services will block it, thus making tor less useful. The equilibrium point will be somewhere close to where it is now, a system that's sufficiently small enough that it makes it rather easy to cause issues with tor, according to comments by others posed above.

AOR (0)

Anonymous Coward | more than 3 years ago | (#36065072)

Advanced Onion Router [portablefreeware.com] is a portable (can run off a key drive) and easy to use program that will force a program to work entirely through it. This can get programs without proxy settings to work with the TOR network, and speed up the process of setting up a proxy in other programs. There are some pretty advanced settings inside the program that the average user will probably ignore, but its nice to have them there if you need.

secure net (0)

Anonymous Coward | more than 3 years ago | (#36065138)

Haven't uused it in a while, but maybe you people should look into the i1p project. Doesn't have the bandwidth of tor, but is more secure/anonymous

Re:secure net (1)

Runaway1956 (1322357) | more than 3 years ago | (#36065824)

Did you mean I2P??? http://www.i2p2.de/ [i2p2.de]

It too can be compromised by MIM. Otherwise, yes, I think it is superior to TOR. Downside is, not enough people use it to make it worthwhile.

Coffee Shop (1)

Anonymous Coward | more than 3 years ago | (#36065186)

Live boot a Linux distro and surf your kiddie porn at a local coffee shop.

Freenet (0)

Anonymous Coward | more than 3 years ago | (#36065272)

Just use freenet :P

Have you tried tunnelr? (0)

Anonymous Coward | more than 3 years ago | (#36065324)

http://www.tunnelr.com/ I think this stuff lets you browse anonymously

Re:Have you tried tunnelr? (1)

Runaway1956 (1322357) | more than 3 years ago | (#36065832)

It's just another VPN proxy setup. THEY know who you are.

Tor is illegal (0)

Anonymous Coward | more than 3 years ago | (#36065552)

...or it soon will be.

After all, it facilitates illegal activity. Never mind that it has legitimate uses.

Sound familiar?

LiveCDs - TAILS v0.7.1, Liberté Linux (4, Informative)

integral-fellow (576851) | more than 3 years ago | (#36065560)

First, don't bet your life on this technology or OpenSSH or other tech.

Second, rather than run TOR on an everyday personal or work computer (Windows or Mac or Linux) with sensitive data and identifiable traits, I'd recommend booting a LiveCD: TAILS (v0.7.1 is the latest) and Liberté Linux:

http://tails.boum.org/ [boum.org]
http://dee.su/liberte [dee.su]

or get Knoppix and harden it:
http://knoppix.com/ [knoppix.com]

Change your MAC and connect at a coffee shop (if paranoid-- on the other side of town, and wear sunglasses in case of surveillance), not from home. Or connect to someone else's open WiFi, or get the key with Backtrack. Less secure is running a LiveCD in a VM (virtualbox or vmware). Another less secure option is running a hardened Linux, or at least running the Bastille script.

What am I missing? The main trouble with the LiveCD/DVDs is the NIC driver/module, but Knoppix is good for that.

integral-fellow

Re:LiveCDs - TAILS v0.7.1, Liberté Linux (1)

Jane Q. Public (1010737) | more than 3 years ago | (#36067064)

The solution to that is to use your Live CD to make a bootable USB drive. Then you can change/improve/upgrade your drivers.

Then encrypt your bootable drive (it is possible to make bootable encrypted drives).

Re:LiveCDs - TAILS v0.7.1, Liberté Linux (1)

Jane Q. Public (1010737) | more than 3 years ago | (#36067078)

I should add that in the United States, you cannot be legally forced to give up your encryption passwords, unless law enforcement can already show that your encrypted data contains illegal content. In other words, because of the 5th amendment, the standard is a lot tougher than even probably cause.

Re:LiveCDs - TAILS v0.7.1, Liberté Linux (1)

Jane Q. Public (1010737) | more than 3 years ago | (#36067090)

"... probable cause." Damn typos.

DHS: (0)

Anonymous Coward | more than 3 years ago | (#36065592)

I'm watching you...yeah YOU.

What is the actual purpose of using TOR? (3, Insightful)

Warma (1220342) | more than 3 years ago | (#36066064)

I understand that what I'm going to ask is almost a logical fallacy in Slashdot, but I'm going to ask anyway.

Why exactly are you making things complicated for yourself and using Tor in the first place? A person as paranoid as you would use only properly secured banking connections and reputable services anyway, so the chance of any identity theft whatsoever is minuscule. I really can't think of any credible motivation for completely endorsing anonymity except the fear of being caught surfing something explicitly illegal. However, the amount of replies in this thread and their tone suggest, that you can't all be 3rd world revolutionists or Chinese students circumventing the Great Firewall.

Is this just a matter of principle, or do you actually have something to hide? If it's the principle, what are you hoping to accomplish and why? If you're into snuff or whatever, I really don't care, but at least one anonymous reply confirming this would be amusing.

This is not a troll. I'm genuinely interested. Technical answers about repercussions I may have not understood, are not only accepted, but appreciated.

Re:What is the actual purpose of using TOR? (2)

Larryish (1215510) | more than 3 years ago | (#36066334)

From what I gather (remember this info is all secondhand) some people in former first-world countries (USA anyone?) use TOR, Privoxy, livecds, etc. to research the sort of things that might throw up a flag.

Re:What is the actual purpose of using TOR? (0)

Anonymous Coward | more than 3 years ago | (#36066394)

I like to buy certain hard-to-find illegal chemical compounds through Tor. Also I hear you can find CP on there, but I'm not a pedo so I wouldn't really know.
Posting anonymously (and through Tor!) for obvious reasons.

Re:What is the actual purpose of using TOR? (0)

Anonymous Coward | more than 3 years ago | (#36066496)

Funny that you mention snuff porn because you can't always predict what motivates other people (including why they would want your information in the first place).

Logically speaking, just because it's improbable that someone would want to track you, doesn't mean that it's impossible.

Re:What is the actual purpose of using TOR? (1)

Anonymous Coward | more than 3 years ago | (#36066662)

Before I could afford internet access at home, I used Tor to download porn from sites like youporn.com. That certainly isn't a legal activity, but using my university's internet system to access porn was grounds for being expelled. This even included kids in dorms.

Yes, watching porn in public is a horrible idea and would certainly cause others discomfort. But there is nothing wrong with accessing or viewing it in private.

TL;DR in my country, religious zealots and enforced morality codes forbid University students from accessing pornographic and other controversial materials even in their own dorm rooms. Can you guess which modernized first nation I live in?

Re:What is the actual purpose of using TOR? (0)

Anonymous Coward | more than 3 years ago | (#36066930)

I for one don't trust the network at my dorm and don't want the other students to watch my every step on the 'net. No, I'm not talking about porn.

Good enough of a reason?

Re:What is the actual purpose of using TOR? (0)

Anonymous Coward | more than 3 years ago | (#36066972)

You have a right to privacy. You don't need a reason to use it. You have the right to a job and a religion, and to privacy. Some people want to use that right, though in this web 2.0 era of social networks is not common.

Re:What is the actual purpose of using TOR? (1)

Anonymous Coward | more than 3 years ago | (#36067044)

Besides the "Nothing to hide" argument being fallacious [ssrn.com] , why can't privacy just be privacy without someone's silly assumptions about your motivations getting in the way?

XeroBank Browser? (1)

antdude (79039) | more than 3 years ago | (#36066196)

How about https://xerobank.com/download/index.html [xerobank.com] ? However, its Firefox is outdated. Supposedly, they are making a new one?

You're doing it wrong. (1)

atari2600a (1892574) | more than 3 years ago | (#36066316)

Tor isn't 'a proxy', it's a router. Privoxy / Polipo is the proxy. Either way you offer too little parameters for 'secure'. Do you mean like cache retention or some magical network breach or what?

Simple (1)

Patrick May (305709) | more than 3 years ago | (#36066322)

Is there anything more secure than Tor, as far as anonymous browsing goes?

Yeah, don't fucking use Windows.

i2p (2)

bjs555 (889176) | more than 3 years ago | (#36066578)

I was trying out iMule and saw that it uses a network layer called i2p that supports any application that can run using a proxy. You might want to give it a try.
i2p is available at http://www.i2p2.de/ [i2p2.de]
Here's a description of i2p from the introduction:
-----
"I2P is a scalable, self organizing, resilient packet switched anonymous network layer, upon which any number of different anonymity or security conscious applications can operate. Each of these applications may make their own anonymity, latency, and throughput tradeoffs without worrying about the proper implementation of a free route mixnet, allowing them to blend their activity with the larger anonymity set of users already running on top of I2P.

Applications available already provide the full range of typical Internet activities - anonymous web browsing, web hosting, chat, file sharing, e-mail, blogging and content syndication, newsgroups, as well as several other applications under development.

Web browsing: using any existing browser that supports using a proxy.
Chat: IRC, Jabber, I2P-Messenger.
File sharing: I2PSnark, Robert, I2Phex, PyBit, I2P-bt and others.
E-mail: susimail and I2P-Bote.
Newsgroups: using any newsgroup reader that supports using a proxy."

All other programs subject to attack or profiling (0)

Anonymous Coward | more than 3 years ago | (#36066614)

They use either Java or centralized servers.

Java should not be used because more Java-based botnets are being developed due to the popularity of Android. Java virtual machines have always been full of vulnerabilities and sluggish performance.

Ostensibly a program using centralized servers would not ask users to donate bandwidth and IP addresses for "exit nodes." The servers, then, would be easy to profile based on IP address. A central authority with control of the entire network could be a weak link.

I2P (0)

Anonymous Coward | more than 3 years ago | (#36066918)

Because it's encrypted end-to-end, no bullshit like Tor. It's got torrent, anonymous websites and any tunnelling capability you might need anonymously and encrypted for any application.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?