Tor, once known only by network nerds, has now become something of a hot topic. This is thanks largely to the anonymous network's reputation for hosting drug marketplaces like Silk Road, and other unsavoury sites.
But what exactly is Tor? What is it good for? Does it have any legitimate uses? And how can those not versed in the finer details of network technologies actually access it?
08/04/2017:The Tor browser discloses information that a determined attacker could potentially use to identify who uses the browser to surf the web, according to a computer forensic expert.
Dr Neal Krawetz revealed the issues in his blog last week, suggesting that instead of masking the identity of the user through layers of encryption, Tor browsers do give away details about the person surfing the dark web.
The first issue Krawetz encountered is to do with the window and screen size. Most browsers set the window size smaller than the screen size but Tor sets the two as the same. This means JavaScript can immediately detect the Tor browser, making the user vulnerable because they can be denied access to the site.
The second issue he found is that the Tor browser tries to size the Window at 1,000 x 1,000 pixels but if the screen is smaller then it chooses a width that is a multiple of 200 pixels and a height that is a multiple of 100 pixels.
However, on Mac OS, the browser sometimes miscalculates the initial Window size, an inconsistent problem that he puts down to the height of the dock. This means that a user can be profiled: if the Tor browser window size is a multiple of 200 across but not a multiple of 100 tall then it is a Tor Browser on Mac OS X.
The third and last issue is to do with the scrollbar size in the Tor browser. The browser does not normalise the viewport size, so if scrollbars are displayed then the viewport size can be subtracted from the windows size to find out the thickness of scrollbars. This can then be used to find out which operating system a user is on, as different OS's and desktops use different default thicknesses.
Krawetz pointed out the scrollbar thickness for a number of platforms, including: "The Tor browser on MacOS 10.11 uses a default thickness of 15 pixels. The Tor browser on Windows 7/8/10 uses scrollbars that are 17 pixels thick. The Tor browseron Linux uses scrollbars that are 10-16 pixels thick."
He then said that if you can detect the Tor browser - as possible in the first issue, and the scrollbars are 17 pixels thick, then you can work out that it's the Tor browser on Windows. He added: "If the scrollbars are 15 pixels thick, then it's either Linux or Mac OS X (check the window height to distinguish Mac from Linux; see issue #2). And any other thickness denotes Linux."
Krawetz stated how hard it is to report an error to the Tor Project. Even though the project asks on its website and Twitter for users to report security issues, when he has he has usually been met with silence. "Over the last few years, I've tried to report some of these profiling methods (and solutions) to the Tor Project, but each time has resulted in failure," he wrote."Often, my attempts to report a vulnerability or profiling risk has been met with silence."
03/04/2017:Tor browser will rely on more Rust code
The Tor browser will take greater advantage of the Rust programming language developed by Mozilla to keep user interactions more secure, it has been revealed.
Although Tor developers have been gunning for the news for a long time (since 2014, in fact), the Mozilla-powered code will play a bigger role in the secretive browser's future.
According to Bleeping Computer, Tor developers met last week to discuss the future of the private browser and decided to use more of the C++-based code in future, hoping to replace the majority of its legacy C and C++ base in the coming months or years.
"We didn't fight about Rust or Go or modern C++. Instead, we focused on identifying goals for migrating Tor to a memory-safe language, and how to get there," Tor developer Sebastian Hahn said.
"With that frame of reference, Rust emerged as a extremely strong candidate for the incremental improvement style that we considered necessary."
The reason why it decided to make such a big change was because a tiny mistake in the C programming language used in the current version of Tor could have a huge impact on users, Tor developer Isis Agora Lovecruft said on Twitter.
"A tipping point in our conversation around 'which safe language' is the Tor Browser team needs Rust because more & more Firefox is in Rust. Also the barrier to entry for contributing to large OSS projects written in C is insanely high."
13/12/2016:The first sandboxed version of the Tor Browser was released in alpha last weekend, bringing privacy fans one step closer to secure browsing.
Version 0.0.2 of the software was released by Tor developer Yawning Angel on Saturday, who is tackling the project largely single-handed. Official binaries are yet to be released, but early adopters can take it for a spit by compiling the code themselves from GitHub.
The project has been a labour of love for Yawning Angel. "We never have time to do this," he said back in October. "We have a funding proposal to do this but I decided to do it separately from the Tor Browser team. I've been trying to do this since last year."
The efforts have been given new urgency by a zero-day vulnerability in Firefox. Discovered last month, the error was being used to de-anonymise Tor users, as the browser is heavily based on Firefox code.
Sandboxed instances of Tor are different from the normal version in that they run in a self-contained silo. This means that if an attacker uses an exploit against the browser, the amount of data it can collect through it from the rest of the machine and operating system is limited.
However, Yawning Angel has stressed that the software is still a very early alpha, and cannot be trusted to be entirely secure. "There are several unresolved issues that affect security and fingerprinting," he wrote as part of the software's README.
01/12/2016:A zero day vulnerability found in both Firefox and Tor web browsers has been exploited in the wild, allowing attackers to target users for their IP and MAC addresses.
Internet security firm Malwarebytes first discovered the flaw, which was shown to be almost identical to the one used by the FBI to expose Tor browser users in 2013.
"The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code," said Daniel Veditz, security lead at Mozilla, in a blog post on Wednesday.
Hackers were able to exploit Tor and Firefox browsers to send user hostnames and IP and MAC addresses to a remote server identified as 5.39.27.226, which has now been taken down.
"The goal is to leak user data with as minimal of a footprint as possible. There's no malicious code downloaded to disk, only shell code is ran directly from memory," said Jerome Segura, lead malware intelligence analyst at Malwarebytes.
"Browsers and their plugins remain the best attack vector to deliver malware or leak data via drive-by attacks," added Segura.
Malwarebytes recommend users adjust the security settings of their Tor browser to 'High' within the privacy settings, which will thwart any similar attacks of this kind. Users running the Malwarebytes Anti-Exploit tool will already by protected from the vulnerability. Both Mozilla and Tor have released patches to address the security flaw.
The term Tor can be used to refer to both the anonymous Tor network and the Tor Browser software used to access it. Designed for privacy and anonymity, it is used by journalists, hackers, privacy campaigners and criminals alike, and with around 2.5 million daily users, its the internets biggest avenue of anonymous online activity,
The systems aim is to prevent a users web activity (such as traffic, communication and search history) from being externally traced, usually by government or law enforcement agencies. Its commonly used to access whats known as the Dark Web hidden servers which are often used to host black market transactions.
Tor was originally known as The Onion Router, so named because it uses onion routing encryption protocols. This essentially functions like pass-the-parcel; data packets sent through Tor are secured with multiple layers of encryption.
They are then sent in a randomised pattern through Tors network of volunteer relay nodes. At each point in the relay, a layer of encryption is peeled away, which reveals the next point in the chain. Once the last layer of encryption has been removed, the data is passed on to its intended destination.
The key factor here is that each relay in the chain can only see the network location of the node immediately before and after it the one it received the data from, and the one its sending it to.
This means that at no point along the chain are both the sender and recipients network details visible at the same time, and thus cant be linked.
Tor is simply a network system, and can be used to provide untraceable access to any internet service or website. Its often used as an innocent precaution by those who dont want their actions traced by increasing levels of online government surveillance.
However, Tor also has a sinister side: the Dark Web. For obvious reasons, the prospect of untraceable web activity has proved very attractive to certain elements of society, and Tor has now become synonymous with varying levels of criminal activity.
Almost all of this activity occurs on servers inaccessible via standard web connections, known as hidden services. These servers are configured to only accept traffic coming from the Tor network, ensuring anonymity for both the servers operator and its users. They are also inaccessible from standard browsers.
Hidden services are extremely popular for the trade and distribution of illegal or objectionable materials. According to a study by Dr. Gareth Owen, narcotics alone are the subject of around 15 per cent of hidden services on the Dark Web, with hacking, fraud and counterfeiting all being popular topics.
Infamous Dark Web marketplaces like Silk Road and Evolution have brought this topic to the fore, and law enforcement agencies are becoming increasingly more aware of these services. The Tor network has apparently remained secure so far, but the US government, in particular, is heavily invested in cracking Tors integrity.
While many use the Deep Web and the Dark Web synonymously, important to note the distinction between the two.
As defined by Michael K. Bergman in his 2000 paper on the subject, the Deep Web refers simply to content that is not indexed by search engines, and thus extremely difficult for the average user to find.
The Dark Web, by contrast, is designed to be hidden from the rest of the internet. It consists of darknets; sub-sections of the internet which can only be accessed through systems like Tor.
The Dark Web is largely comprised of illegal or antisocial activity, while the Deep Web is often made up of innocuous but irrelevant web pages, such as archived content, multimedia elements or non-linked pages.
If youre looking to use Tor, be it for exploring the Dark Web or just for a little extra privacy, the first thing youll need is the Tor Browser, downloaded through The Tor Projects website. Its designed to be the best way to use Tor and is specially-configured to encrypt and protect your web traffic.
Available for Linux, Mac and PC, just download the Tor Browser installation file from the Tor Projects website, install it like any other browser, and following a brief setup, youll be all set to use Tor.
Youll also need a little patience. The relay method that makes Tor secure also means that its not quite as fast as a regular broadband connection, so you might find yourself waiting longer than usual for pages to load.
If youre just looking for the security of knowing no-one will be able to trace your everyday internet activity, then youre now all set to use Tor. Simply browse as normal, and the Tor network will do all the work to ensure that youre kept safe from prying eyes.
If you want to dive into the murky territory of the Dark Web, however, youll need to do a little homework first. Its not quite as simple as users may be used to, and given its dangerous nature, its best to go in prepared.
Before you do anything else, wed advise anyone thinking of engaging in any Dark Web activity to ensure theyve got the most up-to-date security possible; you never know whos out there, after all. Also, be very, very careful not to accidentally break any laws, and make sure you know where youre browsing to.
Once youve got Tor set up, youll need to start looking for Dark Web sites. Unlike regular websites, Tors hidden services arent accessible through regular web searches and dont have conventional web URLs.
Instead, theyre accessed through .onion addresses, which are 16-character alphanumeric strings, randomly generated when the hidden service is created. The .onion address for The Tor Projects homepage, for example, is http://idnxcnkne4qt76tg.onion/
Unless you know its specific address, you wont be able to access the hidden service. Some are a closely-guarded secret, but many of the more common Dark Net sites (both criminal and legitimate) are catalogued by directories like The Hidden Wiki, available as both a regular website and a hidden service.
There are also basic search engines like Torch, which crawl and index Dark Web sites based on content. Theyre nowhere near as sophisticated as regular search engines, though and are at a disadvantage due to the Dark Webs clandestine nature.
Of course, there are ways to access Dark Web sites without using the Tor Browser itself. Tor2Web is a project that uses Tor-based proxies to let users access Tor hidden services without using the Tor Browser itself.
With a standard web browser, adding the suffixes .to, .city, .cab or .direct to the end of any .onion Tor link will send your connection through to a proxy server configured to use onion routing protocols. This server will then visit the address on your behalf, and relay the page contents back to your browser.
However, while this method is far easier than installing the Tor Browser, it is inherently traceable and provides no anonymity to the user. Using the dedicated browser remains the safest method of traversing the Dark Web for anyone with more than an academic interest in its contents.
The rest is here:
Three vulnerabilities allow spies to detect Tor browsers - Cloud Pro
- Tor Browser Bundle - Free download and software reviews ... [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Tor - Official Site [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Tor Browser (M-S0FT) - Video [Last Updated On: April 26th, 2014] [Originally Added On: April 26th, 2014]
- Downloading torrents in utorrent using tor browser - Video [Last Updated On: April 27th, 2014] [Originally Added On: April 27th, 2014]
- Tor Browser installieren [Tutorial deutsch] - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- TOR BROWSER KURULUM+KULLANIM - Video [Last Updated On: May 1st, 2014] [Originally Added On: May 1st, 2014]
- tor browser descargar e instalar - Video [Last Updated On: May 2nd, 2014] [Originally Added On: May 2nd, 2014]
- Entering the Deep Web-Deep Web Url link (2014) - Video [Last Updated On: May 6th, 2014] [Originally Added On: May 6th, 2014]
- Red Onion Tor Browser for iPhone - Video [Last Updated On: May 10th, 2014] [Originally Added On: May 10th, 2014]
- working referral link to agora hidden market place -new url ( onion site ) - Video [Last Updated On: May 13th, 2014] [Originally Added On: May 13th, 2014]
- how to install TOR Browser On LINUX - Video [Last Updated On: May 17th, 2014] [Originally Added On: May 17th, 2014]
- Tor Browser Free Download/Install|Free Latest Version|64/32 bit Windows|2014 - Video [Last Updated On: May 17th, 2014] [Originally Added On: May 17th, 2014]
- How to Install the New Tor Browser in Kali Linux - Video [Last Updated On: May 19th, 2014] [Originally Added On: May 19th, 2014]
- Grams Darknet black market search engine demo - Video [Last Updated On: May 19th, 2014] [Originally Added On: May 19th, 2014]
- How to download and use Tor browser [4K] - Video [Last Updated On: May 20th, 2014] [Originally Added On: May 20th, 2014]
- Free App Lets the Next Snowden Send Big Files Securely and Anonymously [Last Updated On: May 22nd, 2014] [Originally Added On: May 22nd, 2014]
- How to get free 7 day trials for XBL works as of May 2014 - Video [Last Updated On: May 24th, 2014] [Originally Added On: May 24th, 2014]
- Free Access to Deep Web (HIdden Wikki)(Tor Browser)-free 2014 - Video [Last Updated On: May 27th, 2014] [Originally Added On: May 27th, 2014]
- Cybersecurity official uses Tor but still gets caught with child porn [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Federal Cybersecurity Director Found Guilty on Child Porn Charges [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Browse Anonymously, Browse Safely - The App Center [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Tor Browser for iOS - Free download and software reviews ... [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Softonic - Tor Browser - Download [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Review: Tor Browser Bundle lets you browse in anonymity ... [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Guide to using the Tor Browser Bundle for secure communication - Video [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- What is the Tor Browser? - Tor Project: Anonymity Online [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Tor Browser - Problem Connecting? [Last Updated On: September 1st, 2014] [Originally Added On: September 1st, 2014]
- Hack-Bypass Hotspot (Mikrotik) With Tor Browser - Video [Last Updated On: September 4th, 2014] [Originally Added On: September 4th, 2014]
- Using tor-browser on ubuntu 14.04 LTS - Video [Last Updated On: September 7th, 2014] [Originally Added On: September 7th, 2014]
- Download Tor Browser Bundle 3 6 5 For Win, Mac, Linux - Video [Last Updated On: September 8th, 2014] [Originally Added On: September 8th, 2014]
- Tor browser NOT SAFE without this quick step - Video [Last Updated On: September 12th, 2014] [Originally Added On: September 12th, 2014]
- Why a thinly sourced, unverified report about Comcast has the Web in an uproar [Last Updated On: September 16th, 2014] [Originally Added On: September 16th, 2014]
- Comcast Denies It Will Cut Off Customers Who Use Tor, The Web Browser For Criminals (CMCSA) [Last Updated On: September 16th, 2014] [Originally Added On: September 16th, 2014]
- Comcast calls rumor that it disconnects Tor users wildly inaccurate [Last Updated On: September 16th, 2014] [Originally Added On: September 16th, 2014]
- Guns, drugs and freedom: the great dark net debate [Last Updated On: September 18th, 2014] [Originally Added On: September 18th, 2014]
- How to instal Tor Browser - Video [Last Updated On: September 20th, 2014] [Originally Added On: September 20th, 2014]
- How to use the Tor Browser to surf the web anonymously [Last Updated On: September 23rd, 2014] [Originally Added On: September 23rd, 2014]
- Download and Install Tor Browser Bundle - Video [Last Updated On: September 24th, 2014] [Originally Added On: September 24th, 2014]
- TOR Browser: Safe to use 2014? - Yahoo Answers [Last Updated On: September 25th, 2014] [Originally Added On: September 25th, 2014]
- install tor browser for kali linux 1.0.9 - Video [Last Updated On: September 26th, 2014] [Originally Added On: September 26th, 2014]
- Alex Jones Interviews Creator of TOR Browser- Infowars September 2014 - Video [Last Updated On: September 29th, 2014] [Originally Added On: September 29th, 2014]
- Dreaming of a Tor Button for Firefox [Last Updated On: September 30th, 2014] [Originally Added On: September 30th, 2014]
- Tor Executive Director Hints At Firefox Integration [Last Updated On: September 30th, 2014] [Originally Added On: September 30th, 2014]
- Install tor browser on kali linux - Video [Last Updated On: September 30th, 2014] [Originally Added On: September 30th, 2014]
- How to install TOR browser bundle on sparkylinux 32bit - Video [Last Updated On: October 1st, 2014] [Originally Added On: October 1st, 2014]
- Firefox could be adding built-in Tor support for improved private browsing [Last Updated On: October 2nd, 2014] [Originally Added On: October 2nd, 2014]
- Download Tor Browser Windows 3.6 Keygen Crack [No Survey] - Video [Last Updated On: October 2nd, 2014] [Originally Added On: October 2nd, 2014]
- Tor Browser Bundle: Download & Start - Tutorial deutsch - Video [Last Updated On: October 4th, 2014] [Originally Added On: October 4th, 2014]
- Morsay Enqute exclusif les combats de Rue - Video [Last Updated On: October 5th, 2014] [Originally Added On: October 5th, 2014]
- With This Tiny Box, You Can Anonymize Everything You Do Online [Last Updated On: October 13th, 2014] [Originally Added On: October 13th, 2014]
- Tor Browser Cheat TankPit - Video [Last Updated On: October 13th, 2014] [Originally Added On: October 13th, 2014]
- Anonabox plug-and-pay router wants to bring Tor to the masses [Last Updated On: October 15th, 2014] [Originally Added On: October 15th, 2014]
- Anonabox Promises Total Online Anonymity That's Easy, Open Source, and Cheap [Last Updated On: October 15th, 2014] [Originally Added On: October 15th, 2014]
- Investors flock to tiny device that promises online anonymity [Last Updated On: October 16th, 2014] [Originally Added On: October 16th, 2014]
- This tiny box anonymises all your online actions [Last Updated On: October 16th, 2014] [Originally Added On: October 16th, 2014]
- How to run all your Internet's programs thru Tor Browser - Video [Last Updated On: October 16th, 2014] [Originally Added On: October 16th, 2014]
- Tails 1.2 : Released with Tor Browser 4.0 - Video [Last Updated On: October 21st, 2014] [Originally Added On: October 21st, 2014]
- Tor Browser Windows 3.6 Crack Download Free / Download No Survey 2014 - Video [Last Updated On: October 21st, 2014] [Originally Added On: October 21st, 2014]
- How to Use the Tor Browser Bundle - Video [Last Updated On: October 22nd, 2014] [Originally Added On: October 22nd, 2014]
- Access Blocked site using Tor Browser and chrome [2014] - Video [Last Updated On: October 26th, 2014] [Originally Added On: October 26th, 2014]
- Be Anonymous Online : TOR Browser - Video [Last Updated On: October 26th, 2014] [Originally Added On: October 26th, 2014]
- Tor Browser 4.0 is released | The Tor Blog [Last Updated On: October 27th, 2014] [Originally Added On: October 27th, 2014]
- Menggunakan TOR Browser - Video [Last Updated On: October 29th, 2014] [Originally Added On: October 29th, 2014]
- How to install and run TOR browser on Kali Linux - Video [Last Updated On: October 30th, 2014] [Originally Added On: October 30th, 2014]
- How to install and use the Tor browser in windows... - Video [Last Updated On: October 30th, 2014] [Originally Added On: October 30th, 2014]
- Setup Tor Browser on Mac OS 10 - Video [Last Updated On: October 31st, 2014] [Originally Added On: October 31st, 2014]
- Facebook Just Created a Custom Tor Link and That's Awesome [Last Updated On: November 1st, 2014] [Originally Added On: November 1st, 2014]
- How to Use Deep Web Using Tor Browser - Video [Last Updated On: November 1st, 2014] [Originally Added On: November 1st, 2014]
- Facebook opens up to Tor users with new secure .onion address [Last Updated On: November 1st, 2014] [Originally Added On: November 1st, 2014]
- How to use the Tor browser and the Open PGP applet - Video [Last Updated On: November 1st, 2014] [Originally Added On: November 1st, 2014]
- tor browser [MEDIAFIRE][NO SURVEY] - Video [Last Updated On: November 1st, 2014] [Originally Added On: November 1st, 2014]
- Facebookcorewwwi.onion ( Preview ) - Video [Last Updated On: November 2nd, 2014] [Originally Added On: November 2nd, 2014]
- How to use Tor for Facebook (Windows, Mac & Linux) [Last Updated On: November 4th, 2014] [Originally Added On: November 4th, 2014]
- Tor Browser Bundle - Secure your Web surfing - [Free Download] - Video [Last Updated On: November 5th, 2014] [Originally Added On: November 5th, 2014]
- The Law Scores a Victory Against Dark Net Denizens [Last Updated On: November 8th, 2014] [Originally Added On: November 8th, 2014]
- Tor Browser New 4 - Video [Last Updated On: November 9th, 2014] [Originally Added On: November 9th, 2014]
- How to (Install- Enable) Flash Player on Tor Browser - Video [Last Updated On: November 9th, 2014] [Originally Added On: November 9th, 2014]
- Tor Browser New 2 - Video [Last Updated On: November 9th, 2014] [Originally Added On: November 9th, 2014]
- Tor Browser New 1 - Video [Last Updated On: November 9th, 2014] [Originally Added On: November 9th, 2014]
- Developer edition and privacy are Firefoxs 10th birthday present for the world [Last Updated On: November 10th, 2014] [Originally Added On: November 10th, 2014]