This is the first time I’ve bothered using Tor since giving it a cursory look many years ago, and events in the last six months, namely what little’s been published from the Edward Snowden leaks and the Daily Heil successfully lobbying to get the Internet censored, makes the capability to ‘go dark’ pretty much necessary for anyone who cares about having an open and free Internet.
I also had a look at the Tor Metrics again, and the estimated number of users in the United Kingdom rocketed from around 25,000 to around 150,000 in late-August. In the United States the figures went from around 150,000 to 500,000+ in that same period. I’m pretty sure it had something to do with the fuss The Guardian and The Washington Post made over whatever Glenn Greenwald said the NSA did.
Enough of the politics. Let’s have a quick look at Tor.
We have comms!
This proved much easier than I expected, just a matter of installing the Tor backend and the Vidalia graphical interface. Both were available in the package repository.
In the terminal, enter the ‘vidalia‘ command as #root. This will start the Vidalia client. After authenticating with a relay and establishing the circuit, which takes about a minute, the status indicator will show the local machine is connected to Tor. An onion icon should also appear in the desktop panel.
Remember that thing with OpenVPN where an encrypted tunnel was established to a VPN service? Roughly the same thing’s happening here, except a virtual circuit is set up through a series of Tor relays, and a tunneling layer is added for each one. This is where the term ‘onion routing‘ comes from.
Of course, this is the really simplistic description of how it works. The relays are chosen almost randomly from several thousand distributed globally, so the virtual circuit will look something like this:
But from the users’ perspective, establishing a session is much easier than with OpenVPN, as Tor handles all the authentication details when the client is started. And that’s it. Whatever requests the web browser makes should now go through the relays.
The Vidalia Control Panel is straightforward enough for anyone, but I’ll run through a few things users should be aware of.
The Network Window
This shows your circuit and the number of active relays in the Tor network (after clicking the Refresh button). When I checked, there were just under 5,000. The pane in the lower-right shows a few details about whichever one is selected.
Under the Network tab in the Settings, there are some options for getting around a firewall or IPS that prevents access to a Tor relay. I’m guessing these refer to stuff that’s been disabled by default to reduce overhead, and for finding relays that haven’t been active long enough to get blacklisted. One situation where this shouldn’t be used, as a matter of courtesy, is where your machine is on someone else’s private network.
The Sharing tab is even more important. Running the local machine as an exit relay is extremely risky, as any criminal activity committed by others through Tor would be traced back to your IP address. While there’s little risk of actually getting jailed for it, a visit from the police at 6:00AM and confiscation of your computers would still be rather awkward. Anyone who wants to help is safer running an internal non-exit relay or funding the Tor Project.
Get a New Identity
Changing the exit address and appearing as a new user on the other end of the circuit is as easy as clicking the ‘Use a New Identity‘ button. A confirmation message should appear near the Tor icon in the desktop panel. According to the Linux Solutions blog, this feature changes the current relay circuit with a new one.