1. Tor Browser

Category Archives: Tor Browser

How to use Tor for Facebook (Windows, Mac & Linux)

Posted on by

Facebook, Inc. is not celebrated for its privacy policies or keeping user information safe from third parties. But even if people are practically giving away their life to advertisers, they still continue to use Facebook, probablybecause they think theres notrue way to socialize while keeping their privacy.

Good news is, there is now a way for you to use Facebook without all your actions being tracked. Facebook welcomed the dark net by providing official support for Tor via https://facebookcorewwwi.onion/. Prior to Facebooks official support, usingTor on the popular social networkwould flagthe user asa hacked account, and communication between Tor and Facebook wouldntstay encrypted. With this new support, the communication between Tor and Facebook remains encrypted, giving users the option of using the service without giving away all their other information, such as their current location.

Its not so much protecting people from governments, but protecting from people who are spying on communications that could be anyone from criminals to marketers, said Dr Steven Murdoch, from University College London, who Facebook consulted for the project.

If you want to go dark, or at least keep some of your information to yourself, follow the steps below on how you can start enjoying Facebook + Tor.

First go to this link to download the Tor browser https://www.torproject.org/projects/torbrowser.html.en

Save the downloaded file either on your desktop or a USB stick if you really wish to cover your track.

It needs at least 80MB of free disk space in the location you select.

Double click on the file when it finishes downloading, click RUN, choose a language, then click OK.

Wait until the installer finishes then click FINISH to launch the Tor browser wizard.

The rest is here:

How to use Tor for Facebook (Windows, Mac & Linux)

Facebook opens up to Tor users with new secure .onion address

Posted on by

For those who are concerned about their privacy post-Snowden, there are various ways to boost online privacy such as using the anonymizing Tor browser. Browsing the internet anonymously is something that scares the authorities -- there were reports just a couple of months ago that Comcast was threatening to cut off customers who chose to use Tor -- but now Facebook has opened up to the idea.

The social network -- often criticized for its own privacy policies -- has lifted its bans on using Tor, and has created a secure URL (https://facebookcorewwwi.onion/). This can be used to visit Facebook using any Tor-enabled browser and adds a few extra layers of protection for those looking to stay secure. While the idea of anonymity on Facebook may seem oxymoronic, there is a degree of logic.

One of the key benefits of using Tor is that it enables users to bypass locally enforced censorship and blocks, but until now Facebook has blocked access via Tor. The fact that Tor traffic bounced around the internet multiple times in a bid to disguise its origin, it was often flagged as suspicious by Facebook for appearing like botnet activity. This is no longer the case as the new URL opens up access to the security-minded.

Software engineer Alec Muffett explains that, "Facebook's onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud". Accessing Facebook viaTor using the .onion address means connecting directly to Facebook's Core WWW Infrastructure (hence the URL). This allows for direct communication with Facebook, effectively sidestepping browsing restrictions that may have been put in place by local governments, and avoiding any surveillance that might be carried out on traffic that is permitted.

Facebook's Tor-friendly TLD is the first .onion address to be granted SSL certificate. Muffett says:

We decided to use SSL atop this service due in part to architectural considerations - for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link. As a result, we have provided an SSL certificate which cites our onion address; this mechanism removes the Tor Browser's SSL Certificate Warning for that onion address and increases confidence that this service really is run by Facebook. Issuing an SSL certificate for a Tor implementation is - in the Tor world - a novel solution to attribute ownership of an onion address; other solutions for attribution are ripe for consideration, but we believe that this one provides an appropriate starting point for such discussion.

Despite what some news reports say, this is not a way to stay anonymous on Facebook. You still log into your regular account and use it in the same way. What the .onion URL does is ensure that nothing happens to your data as it travels from your computer to Facebook and back.

Read more here:

Facebook opens up to Tor users with new secure .onion address

Facebook Just Created a Custom Tor Link and That's Awesome

Posted on by

Facebook is often criticized over privacy concerns, but the social network just made a historic move in the name of security and anonymity. The social network just created a dedicated Tor link that ensures people who visit the site from the anonymous web browser won't be mistaken for botnets. This is a big deal, mostly because it's Facebook.

Before I say anything else, this is the Tor address, and if you're a Tor user who also uses Facebook, you should start using it immediately: https://facebookcorewwwi.onion/

Now about that big deal claim. Today's news means that Facebook is the first website with a Certificate Authority to launch a dedicated Tor URL and certified connection through the browser. While you may think of Facebook as the pioneer of invading your digital privacy, the company has done a much better job pioneering better security methods on the internet. This is not surprising, since so many people use Facebook and a compromised Facebook accounts can do real damage. It is good news to know that this behemoth is using some of its mountains of cash to make the internet a safer place.

As for the new Tor URL itself, the need was clearly there. Over the years, Facebook has received tons of complaints from users who said that the site doesn't work right in the Tor browser. For instance, fonts were all over the place, and ads were weird. Facebook, meanwhile, realizes that Tor's method of routing connections through several computers in order to preserve the users' anonymity compromises some of the many important security measures the site has already implemented (e.g. HTTPS, Perfect Forward Security, HSTS, etc.). Namely, Facebook's security measures often think that users logging into the site through Tor are not actual humans but rather botnets trying to cause trouble.

This is true! I just tested it out. I logged into my dusty old Facebook profile from Chrome and everything was normal. Then, with that Facebook tab still open, I fired up Tor and navigated to facebook.com, where I was greeted by the normal log in screen. That's when things got weird. Facebook immediately thought I'd been hacked:

Simultaneously, the Facebook tab I had open in Chrome went dark. Facebook automatically signed me out. I didn't even refresh the page, I was just kicked out. This is normal for a potential Facebook hack, but a little bit startling nevertheless.

So, in order to get into my account, I went through the motions which were sort of fun:

Originally posted here:

Facebook Just Created a Custom Tor Link and That's Awesome

Tor Browser 4.0 is released | The Tor Blog

Posted on by

Update (Oct 22 13:15 UTC): Windows users that are affected by Tor Browser crashes might try to avoid this problem by opening "about:config" and setting the preference "media.directshow.enabled" to "false". This is a workaround reported to help while the investigation is still on-going.

Update (Oct 25 02:32 UTC): If you are unhappy with the new Firefox 31 UI, please check out Classic Theme Restorer.

Update (Oct 16 20:35 UTC): The meek transport still needs performance tuning before it matches other more conventional transports. Ticket numbers are now listed in the post.

The first release of the 4.0 series is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. Additionally, due to the POODLE attack, we have also disabled SSLv3 in this release.

The primary user-facing change since the 3.6 series is the transition to Firefox 31-ESR.

More importantly for censored users who were using 3.6, the 4.0 series also features the addition of three versions of the meek pluggable transport. In fact, we believe that both meek-amazon and meek-azure will work in China today, without the need to obtain bridge addresses. Note though that we still need to improve meek's performance to match other transports, though. so adjust your expectations accordingly. See tickets #12428, #12778, and #12857 for details.

This release also features an in-browser updater, and a completely reorganized bundle directory structure to make this updater possible. This means that simply extracting a 4.0 Tor Browser over a 3.6.6 Tor Browser will not work. Please also be aware that the security of the updater depends on the specific CA that issued the http://www.torproject.org HTTPS certificate (Digicert), and so it still must be activated manually through the Help ("?") "about browser" menu option. Very soon, we will support both strong HTTPS site-specific certificate pinning (ticket #11955) and update package signatures (ticket #13379). Until then, we do not recommend using this updater if you need stronger security and normally verify GPG signatures.

There are also a couple behavioral changes relating to NoScript since 3.6. In particular, by default it now enforces script enable/disable for all sub-elements of a page, so you only need to enable scripts once for a page to work, rather than enabling many sub-scripts. This will hopefully make it possible for more people to use the "High Security" setting in our upcoming Security Slider, which will have Javascript disabled globally via NoScript by default. While we do not recommend per-element whitelisting due to fingerprinting, users who insist on keeping this functionality may wish to check out RequestPolicy.

Note to MacOS users: We intend to deprecate 32bit OSX bundles very soon. If you are still using 32bit OSX 10.6, you soon will need to either update your OS to a later version, or begin using the Tails live operating system.

Read the rest here:

Tor Browser 4.0 is released | The Tor Blog

Investors flock to tiny device that promises online anonymity

Posted on by

A new gadget with the potential to strike terror into the hearts of online marketers has just set off a crowdfunding frenzy on Kickstarter.

The Anonabox is a tiny, 2.4 inch by 1.6 inch router that aims to anonymize online activity by redirecting Ethernet and Wi-Fi traffic through the Tor network. It launched its fund-raising campaign on Sunday night with a sub-$50 price target and smashed through its $7,500 goalin less than six hours. It has raised nearly $500,000 at the time of writing.

The Tor network is a chain of computers (or nodes) that act as a relay for Internet traffic. When using Tor, requests from your PC are bounced through this network rather than accessing a website or service directly. This masks IP addresses and other information that could be used to discover your identity.

Anonabox isnt the first bit of Tor-enabled hardware weve seen. Last year, the Tor Project announced the Torouter Dreamplug but youll be lucky to get your hands on one. According to the Tor website, Dreamplug is still highly experimental and while seemingly functional, we have lots of bugs to iron out and features to implement.

Another option is the Safeplug, which retails for $49. It adds in ad-blocking software, but doesnt encrypt network traffic as the Anonabox promises to do. Its also a bit on the hefty side, being the same size as your typical home router.

Of course, you can always download the Tor browser itself, but that will only anonymize your browsing your Skype chats, email client and other software will still be unprotected.

At the moment, the Anonabox appears to have a unique value proposition. Its plug-and-play and fits inside a shirt pocket for easy portability between home and office. It can also be installed between a router and a modem to anonymize all devices that connect to the router.

But the project is also drawing some criticism. In an ask me anything session on Reddit with Anonabox developerAugust Germar, several members pointed to similarities between Anonabox and a $20 mini router being sold on AliExpress. Germar insisted that his design is original, but critics said his answers were vague and unconvincing. For now, the mini-controversy isnt stopping Anonabox from continuing to sign up Kickstarter backers at the rate of $10,000 per hour.

See the original post here:

Investors flock to tiny device that promises online anonymity

Anonabox promises a portable, streamlined way to use Tor to hide your online tracks

Posted on by

Staying anonymous online could get a lot simpler with Anonabox, a pocket-sized networking device due to launch early next year.

The $51 device plugs into any standard Internet router and pipes all traffic through the Tor network. The traffic then moves through multiple computers on Tors network, erasing its tracks along the way, before finally hitting the open Internet. The result is an anonymous and encrypted connection straight out of the box.

While Tor already offers a Web browser for this purpose, extending Tors capabilities to other programs requires a complicated setup process. Even opening an attachment from Tor can create risk, as the outside program could connect to the Internet without keeping the user anonymous. By plugging directly into the router, Anonabox promises to anonymize all Internet activity regardless of what program youre using.

Why this matters: Between overreaching government data collection in the United States, censorship in other countries and the rise of the darknet, theres a huge demand for products that hide their users online activities. Anonabox is hitting all the right notes at just the right time, with a low-cost product thats supposedly easy to use and to conceal. That may explain why the Kickstarter campaign is nearing $300,000 as of this writingfar beyond Anonaboxs $7,500 goal.

As Wired points out, Anonabox is not the first device of its kind. Devices like Torouter and Portal require technical know-how to replace a routers stock software, while OnionPi arrives as a kit that must be assembled by the user. Anonaboxs closest competitor is SafePlug, a $49 device that plugs into any router, but its larger and potentially less secure. By comparison, Anonabox is small enough to conceal in a pants pocket, and the creators promise to test and configure each unit by hand to make sure theyre working properly.

For now, the Tor community isnt giving a full endorsement, though Tors executive director Andrew Lewman told Wired that the device looks promising. Micah Lee, lead technologist for The Intercept, suggested that users still fire up the Tor browser in conjunction with the box, as it avoids fingerprinting techniques that other browsers use to track individuals around the Web.

Given that this is a Kickstarter project, potential buyers need to reserve some skepticism as well. However, the creators note that the product is already fully functional and ready for large-scale production, with backup vendors in place. At a glance, it seems like a well-organized campaign, and a potentially valuable tool for protestors, privacy paranoids and Internet miscreants alike.

Read more:

Anonabox promises a portable, streamlined way to use Tor to hide your online tracks

This tiny box anonymises all your online actions

Posted on by

No tool in existence protects your anonymity on the Web better than the software Tor, which encrypts Internet traffic and bounces it through random computers around the world. But for guarding anything other than Web browsing, Tor has required a mixture of finicky technical setup and software tweaks. Now routingall your traffic through Tor may be as simple as putting a portable hardware condom on your ethernet cable.

Today a group of privacy-focused developers plans to launch a Kickstarter campaign for Anonabox. The $45 (28) open-source router automatically directs all data that connects to it by ethernet or Wifi through the Tor network, hiding the user's IP address and skirting censorship. It's also small enough to hide two in a pack of cigarettes. Anonabox's tiny size means users can carry the device with them anywhere, plugging it into an office ethernet cable to do sensitive work or in a cybercafe in China to evade the Great Firewall. The result, if Anonabox fulfils its security promises, is that it could become significantly easier to anonymise all your traffic with Tor -- not just Web browsing, but email, instant messaging, file sharing and all the other miscellaneous digital exhaust that your computer leaves behind online.

"Now all your programs, no matter what you do on your computer, are routed over the Tor network," says August Germar, one of the independent IT consultants who spent the last four years developing the Anonabox. He says it was built with the intention of making Tor easier to use not just for the software's Western fans, but for those who really need it more Internet-repressive regimes. "It was important to us that it be portable and small -- something you can easily conceal or even throw away if you have to get rid of it."

This has happened before Anonabox is by no means the first project to attempt to integrate Tor directly into a router. But Germar argues it will strike the best balance yet of cheapness, easy setup, size and security. Tor-in-a-box projects like Torouter and PORTAL, for instance, require the user to replace the software on a stock router. Another project called OnionPiis designed to be built one from a kit, and costs roughly twice as much as Anonabox.

In terms of consumer friendliness, the closest device yet to a plug-and-play Tor router has beenSafeplug, a $49 (31) variant on a Pogoplug router modified to route all traffic over Tor. But at more than twice the size, the Safeplug isn't nearly as portable as the Anonabox. And it's also been criticized for security flaws; Researchers at Princeton found in Septemberthat it didn't have any authentication on its settings page. That means a hacker could use a technique called a Cross-Site Request Forgery to trick a user into clicking on a link that would change the router's functions or turn off its Tor routing altogether. It also uses an outdated version of Tor, one that had been updated even before the device shipped last year.

Anonabox's security hasn't yet been audited for those sorts of flaws. But its creators point out that it will be entirely open source, so its code can be more easily scrutinised for errors and fixed if necessary.

The community is watching The non-profit Tor project itself is reserving judgment for now. But its executive director Andrew Lewman tells WIRED he's keeping an eye on the project, and that it "looks promising so far." Micah Lee, lead technologist for Glenn Greenwald's The Interceptand a frequent developer on Tor-related projects, says he's mostly encouraged by the idea. One of the potential vulnerabilities for Tor users, after all, is that a website they visit could run an exploit on their computer, installing malware that "phones home" to a server across a non-Tor connection to reveal their real IP address. "If you're using something like this, everything goes over Tor, so that can't happen," Lee says. "A Tor router can definitely have a big benefit in that there's physical isolation."

He nonetheless cautions that Anonabox alone won't fully protect a user's privacy. If you use the same browser for your anonymous and normal Internet activities, for instance, websites can use "browser fingerprinting" techniques like cookies to identify you. Lee suggests that even when routing traffic over Tor with Anonabox, users should use the Tor Browser, a hardened browser that avoids those fingerprinting techniques. (To avoid running their traffic through Tor twice and reducing bandwidth speeds to a crawl, he points to a setting in the Tor Browser called "transparent torification," which turns off the browser's own Tor routing.)

The Anonabox has been in the works since 2010, long enough that its developers have been able to evolve their own custom board as well as an injection-moulded case. That customisation, Germar says, means the tiny device still packs in 64 megabytes of storage and a 580 megahertz processor, easily enough to fit the Tor software and run it without any slowdowns.

Built for civil disobedience Germar says he and his friends began thinking about the possibility for the device around the time of the Arab Spring in late 2010 and early 2011. The Anonabox is ultimately intended for users in other countries where Tor's anti-censorship and privacy properties can help shield activists and journalists. It can be used in a cybercafe, for instance, where users can't easily install new software on computers. And it's capable of so-called "pluggable transports" -- extensions to Tor that often allow its traffic to better impersonate normal encrypted data.

The rest is here:

This tiny box anonymises all your online actions

Anonabox Promises Total Online Anonymity That's Easy, Open Source, and Cheap

Posted on by

Nobody likes giving up their privacy. But as much as we complain about it, relatively few of us are willing to put time,money, or effort into consistently protecting our privacy online. And its not like its that hard, relatively speaking: the Tor Project offers excellent, free software that lets you browse the Internet in complete anonymity, if you use it properly. With Tor, data you send over the Internet are encrypted and stripped of any identifying information (namely, your IP address) before reaching their destination. Its one of the most reliable methods that you can use to protect your identity online. However, it does take some amount of experience to use, along with a conscious decision to choose security over convenience. If that sounds like too much work (and itsure sounds like a lot of work, doesnt it?), the Anonabox could be exactly what you need.

The Anonabox, now on Kickstarter, is a tiny little networking tool that will sit there and invisibly do all of the Tor-related stuff that youd want it to do, without you ever having to think about it.

The appeal of Anonabox (relative to other, similar products) is threefold. First, its about as easy to use as you could possibly hope for: plug one end into a free port on your modem or router, add power (USB), and thats it. The Anonabox will set up its own wireless access point (in tandem with any existing network) that you can connect to when you want to, and all the data that are sent through it will be anonymized through Tor. No wireless? No problem, its got an ethernet port, too.

Second, its completely open source, which means that people way smarter than you can make sure that there arent any security holes in the software.

And third, its cheap: the people behind this thing have spentyears refining it for their own use, which has driven the price down to something equivalent to a cheap router. Add all of these things together, and your total investment (time, money, space, effort, frustration, embarrassment, emotional anguish, etc.) drops to the point where even those with a vague interest in the option for online privacy would have a hard time justifying not getting an Anonabox.

So, since Anonabox is entirely based on Tor, why not just use the Tor browser, which is free? The simple answer is that Anonabox anonymizes everything that your computer is sending out over the Internet, not just the websites that you visit through your browser. Email, instant messaging, filesharing, all of it.In that respect,using a piece of hardware that runs everything through Tor like this certainly makes things safer, but it cant keep you perfectly safe.

Most of the time, when a Tor user is compromised, its because thatuser (or the users computer)did something that shouldnt have been done: security and privacy areas much about youusing good browsing practices andexercising caution as they are about anonymizing hardware and software. For example, if you browse the Internet through Anonabox with the same Web browser that youve been using, its possible to identify you through the unique characteristics of the cookies that your browser has probably picked up. Instead, you should be using a different browser, or ideally the Tor browser itself, which is specifically designed to prevent things like that from happening. The point is this: no combination of hardware or software is capable enough to protect your privacy if you use it wrong.

Anonabox was looking for $7,500 for an initial production run on Kickstarter, and theyve surpassed that by just a bit, clocking in at well over $150,000 in funding with 28 days to go. Youve missed the early bird version of the Anonabox ($45), so instead youll have to pay $51, with delivery expected early next year.

Follow this link:

Anonabox Promises Total Online Anonymity That's Easy, Open Source, and Cheap

With This Tiny Box, You Can Anonymize Everything You Do Online

Posted on by

No tool in existence protects your anonymity on the Web better than the software Tor, which encrypts Internet traffic and bounces it through random computers around the world. But for guarding anything other than Web browsing, Tor has required a mixture of finicky technical setup and software tweaks. Now routing all your traffic through Tor may be as simple as putting a portable hardware condom on your ethernet cable.

Today a group of privacy-focused developers plans to launch a Kickstarter campaign for Anonabox. The $45 open-source router automatically directs all data that connects to it by ethernet or Wifi through the Tor network, hiding the users IP address and skirting censorship. Its also small enough to hide two in a pack of cigarettes. Anonaboxs tiny size means users can carry the device with them anywhere, plugging it into an office ethernet cable to do sensitive work or in a cybercafe in China to evade the Great Firewall. The result, if Anonabox fulfills its security promises, is that it could become significantly easier to anonymize all your traffic with Tornot just Web browsing, but email, instant messaging, filesharing and all the other miscellaneous digital exhaust that your computer leaves behind online.

Now all your programs, no matter what you do on your computer, are routed over the Tor network, says August Germar, one of the independent IT consultants who spent the last four years developing the Anonabox. He says it was built with the intention of making Tor easier to use not just for the softwares Western fans, but for those who really need it more Internet-repressive regimes. It was important to us that it be portable and smallsomething you can easily conceal or even throw away if you have to get rid of it.

Anonabox is by no means the first project to attempt to integrate Tor directly into a router. But Germar argues it will strike the best balance yet of cheapness, easy setup, size and security. Tor-in-a-box projects like Torouter and PORTAL, for instance, require the user to replace the software on a stock router. Another project called OnionPi is designed to be built one from a kit, and costs roughly twice as much as Anonabox.

In terms of consumer friendliness, the closest device yet to a plug-and-play Tor router has been Safeplug, a $49 variant on a Pogoplug router modified to route all traffic over Tor. But at more than twice the size, the Safeplug isnt nearly as portable as the Anonabox. And its also been criticized for security flaws; Researchers at Princeton found in September that it didnt have any authentication on its settings page. That means a hacker could use a technique called a Cross-Site Request Forgery to trick a user into clicking on a link that would change the routers functions or turn off its Tor routing altogether. It also uses an outdated version of Tor, one that had been updated even before the device shipped last year.

Anonaboxs security hasnt yet been audited for those sorts of flaws. But its creators point out that it will be entirely open source, so its code can be more easily scrutinized for errors and fixed if necessary.

The non-profit Tor project itself is reserving judgment for now. But its executive director Andrew Lewman tells WIRED hes keeping an eye on the project, and that it looks promising so far. Micah Lee, lead technologist for Glenn Greenwalds The Intercept and a frequent developer on Tor-related projects, says hes mostly encouraged by the idea. One of the potential vulnerabilities for Tor users, after all, is that a website they visit could run an exploit on their computer, installing malware that phones home to a server across a non-Tor connection to reveal their real IP address. If youre using something like this, everything goes over Tor, so that cant happen, Lee says. A Tor router can definitely have a big benefit in that theres physical isolation.

He nonetheless cautions that Anonabox alone wont fully protect a users privacy. If you use the same browser for your anonymous and normal Internet activities, for instance, websites can use browser fingerprinting techniques like cookies to identify you. Lee suggests that even when routing traffic over Tor with Anonabox, users should use the Tor Browser, a hardened browser that avoids those fingerprinting techniques. (To avoid running their traffic through Tor twice and reducing bandwidth speeds to a crawl, he points to a setting in the Tor Browser called transparent torification, which turns off the browsers own Tor routing.)

The Anonabox has been in the works since 2010, long enough that its developers have been able to evolve their own custom board as well as an injection-molded case. That customization, Germar says, means the tiny device still packs in 64 megabytes of storage and a 580 megahertz processor, easily enough to fit the Tor software and run it without any slowdowns.

Germar says he and his friends began thinking about the possibility for the device around the time of the Arab Spring in late 2010 and early 2011. The Anonabox is ultimately intended for users in other countries where Tors anti-censorship and privacy properties can help shield activists and journalists. It can be used in a cybercafe, for instance, where users cant easily install new software on computers. And its capable of so-called pluggable transportsextensions to Tor that often allow its traffic to better impersonate normal encrypted data.

Read more:

With This Tiny Box, You Can Anonymize Everything You Do Online


  1. Tor Browser