Using Tor to Anonymize Your Traffic (and setting up Tor in Arch Linux)

There are many, many aspects of security, and the only way to be highly secure is to always be learning, tweaking, watching, taking precautions, applying updates, thinking outside of the box, and so on. Security holes can be hidden anywhere, from a deeply complex software exploit in some application you use, to the seemingly junk mail you threw in the wastebin.

This article is focused on one particular, narrow, but highly important aspect of security: anonymizing your Internet traffic. Really, that’s a broad topic in and of itself, so “narrow” here means we definitely aren’t covering everything. Don’t go acting stupid and thinking these steps make you invincible!

Among others, Arch is a Linux distro I love. There are many distros, with their pros and cons, their ups and downs, their quirks, their special purposes, and so forth. I’m definitely not saying Arch is the end-all of distros, but I find it to be quite excellent as a general-purpose, day-to-day desktop distro. So this tutorial uses commands based on the Arch package manager, pacman. If you don’t use Arch, compile from source or rtfm on your distro and use whatever package manager and configurations it has.

First, let’s create a fresh user. This gives us a fresh start in terms of user settings, and a sort of silo to play and experiment with privacy-intensive configurations without affecting our general-use user.

# useradd -m -g users -G audio,lp,optical,storage,video,wheel,games,power,scanner -s /bin/bash someuser

Now we want to add the wheel group to the sudoers file so that our new user can perform root tasks using sudo when needed. Type in:

# EDITOR="nano" visudo

and add the following line:

%wheel ALL=(ALL) ALL

Great. Now our new user, “someuser” in this case, can perform commands as root using sudo. Let’s get started.

First, we want to install tor. Tor is an onion-routing based proxy used to anonymize your browsing. Basically, each person running tor is also a node on the tor network. Your tor client connects to a central server, gets a list of a couple of random nodes, and routes your traffic through those nodes. Each node has a public key, so your client encrypts your data multiple times, using each node’s key, in reverse order. So your data is encrypted for the last node first, then the second node, and finally encrypted for the first node. Then, each node decrypts its layer (thus onion routing) before passing your data to the next node. Once the data reaches the last node, called the “exit node”, it is back in its original, unencrypted form.

At this point, it’s quite difficult for anyone to determine where the data originated, unless of course the data itself contains information about the originator. The link between each hop is encrypted as well for added protection, but again the data is back in its original form when leaving the last hop of the tor network and going back out to the public web. Use https and other end-to-end encryption between you and your recipient to protect sensitive data.

So, tor will help protect your incoming and outgoing data (routed through tor) from someone watching your outgoing information, like your ISP or a man in the middle. Data is encrypted at the application layer multiple times, so it’s pretty damn safe through the tor network until it hits the exit node. Keep in mind, you don’t know who the exit node is or who is watching it, and data is back in its original form at the exit node. If the data itself contains information that could link back to you, like name, address, location, email, accounts, and other personal identifiers, someone could read through the data and know it’s yours and what you’re sending/receiving. From a purely technical standpoint, though, there isn’t a very feasible way to trace the data to its origin in the transport or internet layers.
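To make the layering described above concrete, here is a toy onion-routing walk-through. It is an added example, not Tor’s protocol or code: real Tor negotiates per-relay circuit keys using each relay’s public key and adds TLS on every link, whereas this toy gives each node a pre-shared symmetric key and a throwaway HMAC-SHA256 counter-mode cipher. The route, node names, keys and HTTP payload are all constructed for the demo. The point it shows is the one the text makes: the first node learns only the next hop, and only the exit node ever sees the cleartext.

```python
"""Toy onion routing: wrap for the exit node first, peel one layer per hop.

Added illustration, not Tor's protocol. Each node has a pre-shared symmetric
key and a toy HMAC-SHA256 counter-mode cipher; real Tor uses per-hop TLS and
circuit keys negotiated with each relay's public key.
"""
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream HMAC-SHA256(key, nonce || counter); demonstration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def frame(next_hop: str, body: bytes) -> bytes:
    """Layer plaintext: 1-byte hop-name length, hop name, then the inner bytes."""
    hop = next_hop.encode()
    return bytes([len(hop)]) + hop + body


def unframe(blob: bytes) -> tuple[str, bytes]:
    n = blob[0]
    return blob[1:1 + n].decode(), blob[1 + n:]


def build_onion(route: list[str], keys: dict, destination: str, payload: bytes) -> bytes:
    """Encrypt for the exit node first, then work backwards to the first node,
    so node i can only learn the name of node i+1 (and the exit learns the destination)."""
    layer = encrypt(keys[route[-1]], frame(destination, payload))
    for i in range(len(route) - 2, -1, -1):
        layer = encrypt(keys[route[i]], frame(route[i + 1], layer))
    return layer


def relay(route: list[str], keys: dict, onion: bytes, payload: bytes):
    """Pass the onion hop by hop and record what each node can see.
    Returns ([(node, next_hop, payload_visible)], bytes the exit node delivers)."""
    trace = []
    blob = onion
    for node in route:
        next_hop, blob = unframe(decrypt(keys[node], blob))
        trace.append((node, next_hop, payload in blob))   # cleartext only at the exit
    return trace, blob


def demo():
    """Constructed three-hop circuit with constructed keys (not real relays)."""
    route = ["guard", "middle", "exit"]
    keys = {name: hashlib.sha256(b"demo-key-" + name.encode()).digest() for name in route}
    payload = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    onion = build_onion(route, keys, "example.com:80", payload)
    return relay(route, keys, onion, payload)


if __name__ == "__main__":
    trace, delivered = demo()
    for node, nxt, visible in trace:
        print(f"{node:>6} -> {nxt:<15} payload visible: {visible}")
    print("exit delivers:", delivered)
```

Run it and the trace shows guard forwarding to middle and middle to exit without either seeing the request, while the exit node delivers the HTTP request in the clear, which is exactly why https or gpg is still needed on top of tor.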

First, install tor:

$sudo pacman -S tor

Now enable the Tor DNS forwarder. This lets tor resolve DNS hostnames through the tor network, which helps keep your browsing habits secret (it resolves only A records):

#nano /etc/tor/torrc
 | DNSPort 9053
 | AutomapHostsOnResolve 1
 | AutomapHostsSuffixes .exit,.onion

restart tor:

#/etc/rc.d/tor restart
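The three torrc lines above are easy to get subtly wrong, and a listener bound to the wrong address quietly turns your private resolver into one the whole LAN can use. The following checker is an added example (not part of the tutorial or of Tor): it parses a torrc in Tor’s key/value format, confirms DNSPort and AutomapHostsOnResolve are set as in the tutorial, and flags any DNSPort or SocksPort bound to a non-loopback address. Both sample torrc texts are constructed inline.

```python
"""Audit a torrc for the DNS-through-Tor settings used in this tutorial.

Added example, not Tor's code. Tor's torrc syntax is 'Key value' with '#'
comments; a bare port number binds to loopback, 'addr:port' binds to addr.
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}


def parse_torrc(text: str) -> list[tuple[str, str]]:
    """Return (key, value) pairs in file order; Tor allows a key to repeat."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        entries.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return entries


def bind_host(port_spec: str) -> str:
    """Host part of a Tor port spec: '9053' -> loopback, '0.0.0.0:9053' -> 0.0.0.0.
    Trailing flags such as 'IsolateDestAddr' are ignored."""
    addr = port_spec.split()[0]
    if addr.startswith("["):                     # bracketed IPv6, e.g. [::1]:9053
        return addr.split("]")[0] + "]"
    if ":" in addr:
        return addr.rsplit(":", 1)[0]
    return "127.0.0.1"                           # bare port: Tor binds loopback


def audit_torrc(text: str) -> list[str]:
    """Return a list of findings; an empty list means the DNS setup looks right."""
    values: dict[str, list[str]] = {}
    for key, value in parse_torrc(text):
        values.setdefault(key, []).append(value)
    findings = []

    # A value of 0 disables the port in Tor, so treat it as absent.
    dns_ports = [v for v in values.get("DNSPort", []) if v.split()[0] != "0"]
    if not dns_ports:
        findings.append("DNSPort not set: name lookups go to the system resolver, outside Tor")

    for key in ("DNSPort", "SocksPort"):
        for spec in values.get(key, []):
            if spec.split()[0] == "0":
                continue
            host = bind_host(spec)
            if host not in LOOPBACK:
                findings.append(f"{key} {spec} listens on {host}, reachable from other hosts")

    if values.get("AutomapHostsOnResolve", ["0"])[-1] != "1":
        findings.append("AutomapHostsOnResolve is off: .onion/.exit names will not resolve via DNSPort")
    return findings


# Constructed samples: the tutorial's lines, and a weakened variant.
GOOD_TORRC = """\
DNSPort 9053
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion
"""

WEAK_TORRC = """\
SocksPort 0.0.0.0:9050   # any host on the LAN can proxy through this machine
DNSPort 9053
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_TORRC), ("weak", WEAK_TORRC)):
        print(name, audit_torrc(text) or ["ok"])
```

Point it at your real file with `audit_torrc(open("/etc/tor/torrc").read())` after editing; the weak sample shows the two findings a LAN-exposed SocksPort and a missing AutomapHostsOnResolve produce.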

Now that tor is configured and running, we can configure applications to pump their data through it. In our browser, for instance, we can go to the network settings and run traffic through tor’s locally-running SOCKS5 proxy server:

127.0.0.1:9050

Some applications do not expose options to manually set a proxy, so we can use tor-resolve and torify on those. tor-resolve resolves DNS records for domains (currently only A records), since DNS resolution itself happens independently of applications and can be telling of the sites we are visiting. torify acts as a sort of wrapper around an application so that its network activity runs through tor. Here is an example using BitchX:

#tor-resolve <irc.server.domain>
#torify BitchX
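The reason the proxy setting alone is not enough, and the reason tor-resolve exists, is visible in the SOCKS5 bytes themselves. The block below is an added example, not the code of tor-resolve or torify, and it assumes tor’s SocksPort is at 127.0.0.1:9050 as above. It builds requests that carry the hostname inside the SOCKS request (address type 0x03) so that tor, not the system resolver, performs the lookup, and it uses the RESOLVE command (0xF0), a Tor-specific SOCKS extension that tor-resolve uses for bare lookups. The reply bytes used in the test are constructed.

```python
"""SOCKS5 messages for Tor's local proxy (127.0.0.1:9050).

Added example, not tor-resolve's or torify's code. A client that calls
gethostbyname() and then sends an IPv4 address (ATYP 0x01) has already leaked
the name to the system resolver, whatever proxy it uses afterwards; sending the
hostname itself (ATYP 0x03) leaves the lookup to tor.
"""
import socket
import struct

SOCKS5 = 0x05
CMD_CONNECT = 0x01
CMD_RESOLVE = 0xF0       # Tor extension: the reply carries the resolved address
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
NO_AUTH = 0x00


def greeting() -> bytes:
    """Method negotiation: version 5, one method offered, 'no authentication'."""
    return bytes([SOCKS5, 1, NO_AUTH])


def request(cmd: int, host: str, port: int = 0) -> bytes:
    """Build a request that carries the hostname, so tor resolves it.
    Works for CMD_CONNECT (host, port) and for CMD_RESOLVE (host only)."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5")
    return bytes([SOCKS5, cmd, 0x00, ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)


def parse_reply(data: bytes) -> tuple[int, str, int]:
    """Return (reply code, bound or resolved address, port). Code 0 means success."""
    ver, rep, _rsv, atyp = data[:4]
    if ver != SOCKS5:
        raise ValueError("not a SOCKS5 reply")
    if atyp == ATYP_IPV4:
        addr, end = socket.inet_ntop(socket.AF_INET, data[4:8]), 8
    elif atyp == ATYP_IPV6:
        addr, end = socket.inet_ntop(socket.AF_INET6, data[4:20]), 20
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        addr, end = data[5:5 + n].decode(), 5 + n
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    port = struct.unpack("!H", data[end:end + 2])[0]
    return rep, addr, port


def tor_resolve(host: str, proxy=("127.0.0.1", 9050)) -> tuple[int, str, int]:
    """Live lookup through a running tor; needs the SocksPort from this tutorial."""
    with socket.create_connection(proxy, timeout=15) as s:
        s.sendall(greeting())
        if s.recv(2) != bytes([SOCKS5, NO_AUTH]):
            raise RuntimeError("proxy refused the no-auth method")
        s.sendall(request(CMD_RESOLVE, host))
        return parse_reply(s.recv(512))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "torproject.org"
    print(tor_resolve(target))   # only works with tor listening on 127.0.0.1:9050
```

When you configure a browser or other client by hand, this is the distinction to look for: the option is usually worded as proxying DNS through SOCKS (curl calls the scheme `socks5h`); with plain `socks5` the application resolves the name locally first and the SOCKS request goes out as an IPv4 address.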

Tor provides a pre-packaged Tor Browser which runs inside of a tor sandbox and comes bundled with Vidalia, a GUI tool for managing tor. Currently, a modified Firefox setup is used, with NoScript and other plugins installed to prevent JavaScript, cookies, and so forth from leaking identifying information. Furthermore, it can be set (and is by default) to force sites to use https for end-to-end application-layer

$tar -xf tor-browser.tar.bz
$cd ./tor-browser
$sudo ./start-tor-browser

NOW YOU CAN START READING ONLINE SAFELY :-)

Using tor, we get a nice layer of obfuscation that makes it very difficult (though theoretically possible) for anyone in the network to monitor our data and see what we are doing by sniffing network packets. At the same time, it anonymizes us on the outside, so that potentially malicious or invasive intruders on the other end cannot gather personalized information on us, such as our IP address and hostname, which could be used to identify or locate us, among other things.

Here are a few things to remember about tor:

  • tor’s efficacy largely depends on the number of nodes in the network. More nodes mean more random paths between nodes are possible, increasing the complexity of tracing the origin and reducing the feasibility of theoretically possible attacks based on having a holistic view of the tor network. Also, because all traffic is encrypted in multiple layers and sent through multiple nodes, using tor can be slow at times. So, be nice and give back by allowing tor to run even at times you aren’t using it, acting as a node for other people’s encrypted traffic to pass through. Additionally, don’t use tor for heavy data transfer – BitTorrent and the like is typically frowned upon.
  • Exit nodes, and the people running exit nodes (which is set by choice, not by default), are exposed to the outside internet. While historically not very problematic, it does put them in a position of risk, as any data exiting from a given node can be linked to the person running it by his/her ISP. While it may not hold against them in court, it can put them in violation of the law, or their ISP’s terms of use, if other torizens abuse the network. Don’t use tor to do anything illegal, unethical, or which might cause problems for an exit node operator. Use it to protect your right to privacy as a law-abiding citizen and your right to protection from snoopers, scam artists, advertisers, and the like.
  • Tor is only one layer of obfuscation: data goes back to the public net in the same form that it came into tor. If you send out data which includes information that is not encrypted at the application layer, someone outside of the tor network can read it. Use end-to-end encryption in addition to tor, such as gpg, to protect transmissions between yourself and a known recipient, or use https to get end-to-end encryption over HTTP.