Time for More Tor: How to Set It Up August 11, 2011 | 09:24 am

It is looking like the US government is going to pass a bill which requires your ISP to track everything you do on the internet and store that information for 12 months: see here for more. This means that every website you visit and every plaintext password you send across the internet will be tracked. If you or a website you visit sends anything across HTTP, it’ll be tracked. And God knows how the ISPs might be compelled to try to hack your HTTPS/SSL connections: Bruce Schneier has a lot of evidence that SSL isn’t safe, especially if your ISP is the one hacking it. (On this note, also see here.)

So, here’s a guide on how to circumvent your ISP’s ability to record all your personal information. I’m using OS-X and Firefox, and I’m assuming you are, too. If you’re on Windows, I’m sorry, and hopefully you can figure it out. If you’re on Linux, clearly you’re too smart to need a guide like this.

The first thing to do is install Tor. Y’know that common scene in the movies (e.g. Mission Impossible) where the l33t h4x0r has routed their connection all over Hell and back, and it’s a pain in the ass for the evil police officers to track down? Yeah, that’s Tor. Tor (which is short for The Onion Router) routes your traffic through a series of other servers in a nice, encrypted format. It starts by connecting to an “Entry Node”, then running through a series of routers, and finally the “Exit Node” proxies your request to the website. This means that instead of your traffic coming from your computer, it is (from a security and practical standpoint) coming from the Exit Node. Your ISP can no longer track what you’re doing. Pretty nifty.

The problem is that you have to have a minimal amount of trust for the Exit Node. And, of course, you have no real reason to do that. So we have to take a few more steps to really protect ourselves.

First, Tor requires a bit of configuration. With Tor off, edit your torrc file. On OS-X, it will be in ~/Library/Vidalia/torrc. Change the ControlPort setting to anything other than its default value: anything in the 9xxx or 10xxx range is usually free, and changing it protects against a simple attack an Exit Node can launch against you. Second, you don’t really want to deal with an Exit Node in certain countries (e.g. China, North Korea), so add a line which reads:
ExcludeExitNodes {cn},{kp}
You can add other countries to the list if you’d like: just look up their two-letter ISO country code and add it in brackets to the comma-separated list. Keep in mind that this only limits the exit nodes, not the entry or intermediate nodes, but since intermediate nodes don’t know either where the traffic is coming from or where it is ultimately going, that’s fine. If you want to specify a particular country for your exit node, you can do that, too:
ExitNodes {us}
There’s no security benefit to limiting your exit node to a particular country, but it may make certain websites work a bit better if you limit the exit nodes to a country whose primary language is one you can read. There may also be certain advantages to making sure your exit node and your computer are on as disparate networks as possible (especially where “disparate” means “not subject to the same police force”), but at the point when you’re worrying about that, you’re in a situation which is more dire/paranoid than this guide can help with.

Here are some other settings you can add to your torrc file, which may improve performance:

# Use hardware acceleration if you have it (does nothing if you don't)
HardwareAccel 1

# Don't write to disk if you can avoid it (important for SSD)
AvoidDiskWrites 1

# Number of seconds to wait for a circuit to be built
# In newer versions of Tor, this is an adaptive number, so it's really only a hint
CircuitBuildTimeout 20

# How many seconds to wait before we clean up unused circuits
CircuitIdleTimeout 3600

# Number of seconds before we give up on a circuit and try a different one
CircuitStreamTimeout 240

# How often to consider building a new circuit
NewCircuitPeriod 10

# How old can a circuit get in seconds
MaxCircuitDirtiness 28800

# How long (in seconds) a host/exit node association is kept before it expires
# (only has an effect if TrackHostExits is also set)
# Lower values randomize your connections more often (which may be more secure)
# Higher values are better for performance
# Default is 1800 (30 minutes)
TrackHostExitsExpire 300

# The number of long-term entry nodes we use (default 3)
NumEntryGuards 5

# Set this to the number of CPUs that you have on your hardware
NumCPUs 4
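The three things the torrc section above asks you to get right (a ControlPort moved off its default, {cn} and {kp} in ExcludeExitNodes, and an ExitNodes choice that does not contradict the exclusions) can be checked mechanically. This is an added example written for this page, not code from the Tor project or from the author; it assumes the plain `Option value` line format and capitalisation shown above, and it only understands the `{xx}` country form for exit-node lists (not fingerprints or IP ranges).

```python
import re

DEFAULT_CONTROL_PORT = 9051         # Tor's stock ControlPort
MUST_EXCLUDE_EXITS = {"cn", "kp"}   # the ExcludeExitNodes entries the guide adds
COUNTRY_ENTRY = re.compile(r"^\{([A-Za-z]{2})\}$")  # one {xx} country entry
SAMPLE_TORRC = """\
# constructed sample torrc, edited as the guide describes (ControlPort moved off default)
ControlPort 9151
ExcludeExitNodes {cn},{kp},{ru}
ExitNodes {us}
"""

def parse_torrc(text):
    """Map option names to values, skipping blank lines and '#' comment lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            conf[key] = value.strip()   # a repeated option keeps its last value
    return conf

def parse_country_list(value):
    """Turn '{cn},{kp}' into {'cn', 'kp'}; only the {xx} form used above is accepted."""
    codes = set()
    for item in value.split(","):
        m = COUNTRY_ENTRY.match(item.strip())
        if not m:
            raise ValueError("unrecognised exit-node entry: %r" % item)
        codes.add(m.group(1).lower())
    return codes

def countries(conf, option, problems):
    """Country set for one option: absent = empty set, a bad entry is recorded as a problem."""
    try:
        return parse_country_list(conf[option]) if option in conf else set()
    except ValueError as err:
        problems.append(str(err))
        return set()

def check_torrc(text):
    """Return problems relative to the guide's recommendations (empty list = all good)."""
    conf, problems = parse_torrc(text), []
    port = conf.get("ControlPort", str(DEFAULT_CONTROL_PORT))  # absent = Tor's default
    if port.isdigit() and int(port) == DEFAULT_CONTROL_PORT:
        problems.append("ControlPort is still the default %d" % DEFAULT_CONTROL_PORT)
    excluded = countries(conf, "ExcludeExitNodes", problems)
    for code in sorted(MUST_EXCLUDE_EXITS - excluded):
        problems.append("ExcludeExitNodes is missing {%s}" % code)
    for code in sorted(countries(conf, "ExitNodes", problems) & excluded):  # contradiction
        problems.append("ExitNodes {%s} is also in ExcludeExitNodes" % code)
    return problems
```

Run `check_torrc(open(path).read())` on your own torrc with Tor stopped; an empty list means the guide's settings are in place.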

If you are running a computer which is on for extended periods of time (i.e. not a laptop), then you actually get significantly better security by running a relay. The following instructions are just for OS-X: in the Vidalia Control Panel (that thing that pops up when you click on the onion in the menu bar and select “Control Panel”), click “Settings”. Under “Sharing”, click “Relay Traffic for the Tor network”, and give yourself an awesome name (without spaces) in the “Nickname” field below. Then click “OK”. You can muck about with the other settings later. The advantage of doing this is that you are now generating traffic which is not yours from your computer. So if you ever access the internet from outside of Tor, there’s at least effort required to determine if that access is on your behalf or on the behalf of someone on the Tor network. More information and discussion of possible security downsides are here: Do I get better anonymity if I run a Tor relay?

Next up: configuring Firefox. First of all, go into Tools > Add-Ons > Torbutton > Preferences > Security Settings > Start-Up and have your Firefox boot immediately into Tor. You simply don’t want to do anything else. Once you’ve got that set up, go poke around at the other options and set it to work the way you’d like. If you don’t understand an option, then leave it checked if it is marked as “crucial” or “recommended”, or leave it as the default if it is any other way.

Now, to deal with that pesky Exit Node trust problem. There are two parts to this solution: first, install HTTPS Everywhere by going to that link and clicking the big “Encrypt the Web: Install HTTPS Everywhere” image. (I know it doesn’t look like a button or link, but it is. Usability fail.) Once you’ve got HTTPS Everywhere installed, you’re automatically going to start creating SSL links to a variety of popular services. This SSL provides an added layer of security. And, although it is possible for a particular Exit Node to try to launch an attack against your SSL connection, the fact that your network exit node is indeterminate and transitory helps security quite a bit. This brings us to the second part of the solution: STOP ACCEPTING BROKEN HTTPS CERTIFICATES. Everyone does it (including Bruce Schneier), but as soon as you do that, just assume the information you are sending across the connection is broadcast everywhere, because it may as well be.

If you want to go really hardcore, you can add a few more HTTPS Everywhere rules by grabbing my rules from my GitHub repo and extracting them into ~/Library/Application Support/Firefox/Profiles/*/HTTPSEverywhereUserRules. That adds quite a few more rules.
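A user rule dropped into that HTTPSEverywhereUserRules directory is a small XML ruleset: the target hosts it covers, optional exclusion patterns, and from/to regex rewrites. The following is an added example written for this page (not one of the author's GitHub rules and not the extension's own code): it parses one constructed ruleset and applies it to URLs the way the extension does, first matching rule wins. Its treatment of a leading `*.` target as covering any depth of subdomain is a simplification of the extension's wildcard handling.

```python
import re
import xml.etree.ElementTree as ET

# Constructed ruleset in HTTPS Everywhere's XML format (not one of the author's GitHub rules).
SAMPLE_RULESET = """\
<ruleset name="Example (constructed)">
  <target host="example.com" />
  <target host="*.example.com" />
  <exclusion pattern="^http://legacy\\.example\\.com/" />
  <rule from="^http://(www\\.)?example\\.com/" to="https://$1example.com/" />
  <rule from="^http:" to="https:" />
</ruleset>
"""

def host_matches(pattern, host):
    """Target hosts may start with '*.'; here that covers any depth of subdomain
    (a simplification of the extension's wildcard rules) but never the bare domain."""
    if pattern.startswith("*."):
        return host.endswith("." + pattern[2:])
    return host == pattern

def load_ruleset(xml_text):
    """Parse one <ruleset>: its targets, exclusion regexes and (from, to) rewrite rules."""
    root = ET.fromstring(xml_text)
    return {
        "name": root.get("name"),
        "targets": [t.get("host") for t in root.findall("target")],
        "exclusions": [re.compile(e.get("pattern")) for e in root.findall("exclusion")],
        # HTTPS Everywhere writes back-references as $1; Python's re.sub wants \1
        "rules": [(re.compile(r.get("from")), re.sub(r"\$(\d)", r"\\\1", r.get("to")))
                  for r in root.findall("rule")],
    }

def rewrite(ruleset, url):
    """Return the URL after the first matching rule, or unchanged if the ruleset does not apply."""
    host = re.match(r"^https?://([^/:]+)", url)
    if not host or not any(host_matches(t, host.group(1)) for t in ruleset["targets"]):
        return url                      # not a host this ruleset covers
    if any(ex.search(url) for ex in ruleset["exclusions"]):
        return url                      # explicitly left on http (e.g. a host with broken TLS)
    for frm, to in ruleset["rules"]:
        if frm.search(url):
            return frm.sub(to, url, count=1)
    return url
```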

For the final step of configuring Firefox, follow Tor’s own instructions on improving Firefox performance (the “Procedure 1” bit). This changes a few defaults to more proxy-friendly options, and makes a substantial improvement in Firefox’s speed when running in Tor mode.

Other plug-ins I’d recommend for Firefox are BetterPrivacy and AdBlock Plus, both of which help with privacy. Set Firefox to log you out of every site when you are closing down. Master Password can help by allowing you to have one password on your Firefox and then it will store your totally random passwords used for all the other websites: you won’t need to memorize them, because Master Password will have taken care of it.

What about things other than web browsing? To get other programs to use Tor (I’m particularly fond of routing DropBox/SugarSync through Tor), find their Preferences pane, then try to find the “Connection” or “Proxy” window. Set it up as an HTTP proxy running through the host localhost at the port 8118. To get command line systems to use Tor, set the HTTP_PROXY environment variable to the value “http://localhost:8118”.

At this point, as long as you’re running from within Tor and over SSL, you’re reasonably secure. Yes, there are still attacks that can get you: welcome to the internet. But at least you’ll wiggle out from underneath the kind of blanket surveillance that the U.S. government seems to think is a great idea. Anything you access over HTTP (not HTTPS) is still a problem, so shift to using HTTPS-protected log-ins (e.g. OpenID, Facebook Connect) for non-HTTPS sites as a minimal step to protect your account. And if you ever see a website whose security certificate used to work but is suddenly broken, close your browser, click “New Identity” under the onion in the menu bar, and then fire your browser back up.


  • http://www.securitydirect.co.uk/acatalog/Fire_Blan fire blanket

    Great guide, but is there a guide to help speed Tor up? Or anything else to do to help security?

  • Vishwanath Ramarao

    If the ISP is recording all traffic, why won’t they also record the encrypted Tor traffic from your computer to the Tor node? I am willing to bet that if SSL is crackable, so also is the Tor protocol.

  • http://robertcfischer.com Robert Fischer

    They can record your encrypted traffic just fine…but it’s random bytes for all practical purposes. SSL’s problem is that its certificate-based trust system is broken: its cryptography proper is just fine, and neither has Tor’s encryption been broken.

    There are some issues that come out of traffic analysis, but those are substantially helped by running your node as a relay. Even better if you run as an exit node.

    The fact that China feels the need to block Tor suggests that at least they can’t break it, which is pretty strong support.

    Looks like Wikipedia has a conversation on Tor’s weaknesses, if you’d like to see a conversation on it instead of just your personal “willing to bet”-ness: https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Weaknesses
