Low Profile Living

[River Song]

(21 May 2013, 15:16)BeardyMan Wrote: Word of warning on TOR. You're only really disguised amongst other people in your LOCAL AREA who are using the TOR network. It wouldn't take long at all to find out exactly what you are up to if you are the only connection in your area (or even mux unit / distro) and you are traceable, regardless of what you read about TOR online. I presumed I was untraceable online using this, but turns out you're not.

No - I don't think so BM. Actually it is probably the reverse.

Assume that BT has given you the IP 81.121.51.12
You Run up TOR browser and request the URL "Forum.survivaluk.net"

The IP session from you to BT is en clair
However it then goes through all kinds of channels all over the world
and comes out on survivaluk.net's logs as something like 61.12.35.89.
There is no trackback and even if TPTB grab the server logs, all they see is 61.12.35.89.

And I'll send you the fatted calf if you can break the encryption

:-)

[BeardyMan]

(21 May 2013, 22:36)River Song Wrote:

(21 May 2013, 15:16)BeardyMan Wrote: Word of warning on TOR. You're only really disguised amongst other people in your LOCAL AREA who are using the TOR network. It wouldn't take long at all to find out exactly what you are up to if you are the only connection in your area (or even mux unit / distro) and you are traceable, regardless of what you read about TOR online. I presumed I was untraceable online using this, but turns out you're not.

No - I don't think so BM. Actually it is probably the reverse.

Assume that BT has given you the IP 81.121.51.12
You Run up TOR browser and request the URL "Forum.survivaluk.net"

The IP session from you to BT is en clair
However it then goes through all kinds of channels all over the world
and comes out on survivaluk.net's logs as something like 61.12.35.89.
There is no trackback and even if TPTB grab the server logs, all they see is 61.12.35.89.

And I'll send you the fatted calf if you can break the encryption

:-)

Taken from:

https://www.torproject.org/download/down...en#Warning

Quote:Want Tor to really work?

You need to change some of your habits, as some things won't work exactly as you are used to.

Use the Tor Browser

Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser Bundle. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with the Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor.

Don't enable or install browser plugins

The Tor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, we do not recommend installing additional addons or plugins into the Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy. The lack of plugins means that Youtube videos are blocked by default, but Youtube does provide an experimental opt-in feature (enable it here) that works for some videos.

Use HTTPS versions of websites

Tor will encrypt your traffic to and within the Tor network, but the encryption of your traffic to the final destination website depends upon on that website. To help ensure private encryption to websites, the Tor Browser Bundle includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website.
Don't open documents downloaded through Tor while online
The Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use BitTorrent and Tor together, however.

Use bridges and/or find company

Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you're using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too!

I'm not saying it's useless, I use it all the time, just a word of warning that you are not as anonymous as you may have been led to believe.