Using TOR to Browse the Internet Anonymously.
So what’s it all about Alfie?
The Onion Network (TOR) is free software suite designed to secure your internet connection. It’s available for Windows (not recommended), Mac, Linux/Unix and Android.
It works by using a series of virtual tunnels, maintained by volunteers, that distribute your information across a series of geographical points. It is designed to increase your privacy and security when using the Internet. However it’s effectiveness has been questioned in recent weeks as more revelations about how the NSA snoop on users come to light. For my money it’s still worth using as some privacy is better than none. Belt and Braces is always the motto here at Android Shed Towers.
More information on the TOR Project can be found at:
https://www.torproject.org/about/overview.html.en
Pro’s and Con’s
Whilst TOR on it’s own will not guarantee your privacy and security it can form part of a system that does offer massive improvements over standard browsing environments. Unfortunately Windows is, as usual, like a leaky boat when it comes to security. I recommend using a secure operating systems such as TAILS if you have no choice but to use Windows.
To maximize security TOR comes with several major caveats.
You’ll need to use the TOR Browser, which ships with the TOR Bundle. Firefox, Chrome and especially IE are not compatible with TOR. It’s also important not to install or enable any plug-ins. This means no Flash, Real Player or QuickTime.
TOR is only effective on HTTPS sites. It will encrypt your information to the website but it’s the websites job to encrypt the data returning to you. This only happens if the address URL contains HTTPS://. The TOR Bundle will try to connect you to secure versions of websites using the HTTPS Everywhere extension, but you should still check that the website you’re providing information to display a green or blue button bar.
You cannot use torrents with TOR. It’s not secure so just don’t. Capisce?
Wait until you go off-line before opening any documents. There’s always the possibility that the document might contain links or buffer overflows that could give away your identity.
Don’t use your own email address. Use an anonymous email provider such as Guerilla Mail.
How to Install TOR on Windows (if this is your only option!)
Head to the TOR website and download and install the bundle from here or if you’re using Chocolatey open an elevated Command Prompt in Windows and type:
cinst tor-browser
I also suggest using your own VPN and Proxy with Tor. Details of how to install this are here:
https://androidshed.wordpress.com/2014/02/17/setting-up-a-home-vpn-and-proxy-server/
Click on the Start Tor Browser Icon. If you haven’t configured your own proxy just click on direct connection button. If you are using a proxy then configure Tor to use your proxy. If you’re running behind a firewall this is where you’ll also be able to configure Tor to bypass it.
In the Tor Browser visit https://check.torproject.org/ and it should hopefully tell you that you’re now secured.
If you’d prefer a significantly more secure environment, consider using Tails or Whonix. I’ll be publishing guides on who to use and install them shortly.
Installing Tor on Android.
Tor on Android consists of two components Orbot and Orweb. Orbot is the proxy part and Orweb is the browser. Orbot works best if your device is rooted as it will then being to use transparent proxying, otherwise you’ll have to use applications designed to work with Orbot.
Orbot can be found here.
Orweb here.
Once you’ve installed Orbot it’ll run it’s installation procedure. If you’ve rooted your device Request Supervisor Access and Proxy all applications through Tor. You’ll need to configure Twitter to use localhost port 8118 as it’s proxy.
The other Guardian Project Android applications are:
ChatSecure: Secure chat app with off-the-record encryption
ChatSecure Voice Messaging Plug In for ChatSecure
NoteCipher Noteapp with built in encryption
Oscuracam Privacy for your pictures
PixelKnot Stenography. Hide messages in images
GNU Privacy Guard PGP file encryption
Happy Secure surfing.