Tor noob...

Discussion in 'privacy technology' started by zero_Phil, Apr 25, 2011.

Thread Status:
Not open for further replies.
  1. zero_Phil

    zero_Phil Registered Member

    Joined:
    Apr 22, 2011
    Posts:
    67
    As a 'newbie' to all this security stuff, I've been experimenting with the Tor/Vidalia/Privoxy bundle using Firefox with a firewall and any potential leaks plugged: Java, RSS feeds, SSL etc. If I download a file through Tor called 'Security access codes.rar', is that recorded on my ISP server logs as...

    1 Security access codes.rar

    2 xxxxxxxx xxxxxx xxxxxx.xxx

    In other words does Tor encrypt the file names all the way to your download folder? Thx.
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi zero_Phil,

    Make sure that in the FF about:config web page, network.proxy.socks_remote_dns is True when Torbutton is enabled in order to prevent DNS leak to your ISP, otherwise, Tor encrypts the download request at exit node which lasts until it is on your computer - i.e. the ISP will not know what the file is unless your ISP does Deep Packet Inspection and is willing to invest the time and resources in decrypting your download packets (unlikely).

    Also, if your Tor exit node is run by your ISP, it is possible to know the file you have downloaded, but unless the ISP invests time and computer resources to do a traffic analysis to connect your computer to the exit node's traffic, it will not know what file you have downloaded.

    Further, for regular web browsing (Torbutton disabled) use an entirely different profile with FF than when using Tor (Torbutton enabled). Never use Tor without Torbutton/FF for privacy.

    -- Tom
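
Added example, not part of the original thread: a small Python check for the about:config setting named in the post above, run against the text of a Firefox profile's prefs.js or user.js. The sample preference text is constructed, 9050 is Tor's default SOCKS port, and a missing network.proxy.socks_remote_dns entry is treated as not enabled (an assumption matching the Firefox versions discussed in this thread).

```python
import re

# Matches lines such as: user_pref("network.proxy.socks_port", 9050);
# Commented-out lines (// user_pref(...)) do not match.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {pref name: value} parsed from prefs.js / user.js content."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def dns_leak_findings(text):
    """List the reasons this profile may resolve hostnames outside the proxy."""
    p = parse_prefs(text)
    if p.get("network.proxy.type") != 1:
        # Anything other than 1 (manual proxy) means the proxy prefs are not in force.
        return ["network.proxy.type is not 1 (manual proxy configuration)"]
    findings = []
    if p.get("network.proxy.socks") and not p.get("network.proxy.socks_remote_dns", False):
        findings.append("SOCKS proxy is set but network.proxy.socks_remote_dns "
                        "is not true: hostnames are resolved by the local resolver")
    return findings

# Constructed sample profiles (not taken from any real machine).
LEAKY = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
'''
FIXED = LEAKY + 'user_pref("network.proxy.socks_remote_dns", true);\n'

if __name__ == "__main__":
    for label, sample in (("leaky", LEAKY), ("fixed", FIXED)):
        print(label, dns_leak_findings(sample) or "no DNS leak findings")
```
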
     
  3. zero_Phil

    zero_Phil Registered Member

    Joined:
    Apr 22, 2011
    Posts:
    67
    Thanks lotuseclat79 - I do not use Torbutton and I am using Firefox v2.0 which I have tweaked with instructions from another security site (can't remember which one). I will check the network.proxy.socks_remote_dns setting to see if it needs changing. Many thanks for your advice.
     
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi zero_Phil,

    You need to upgrade to at least version 3.6.16 of Firefox if not FF 4.0, for security reasons if nothing else - staying with FF 2.0 is not safe, and neither is using Tor without Torbutton for FF. Don't forget to check the network remote DNS setting (mentioned in post #2 - about:config)!

    -- Tom
     
  5. markedmanner

    markedmanner Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    134
    I recommend updating to the latest Tor browser bundle here: http://www.torproject.org/projects/torbrowser.html.en

    Also, to me the best way to use Tor is through JanusVM. I know it's a little advanced, but if you use JanusVM EVERY connection from your computer will be routed through the Tor network. That way you don't have to worry about Flash, Java or some other program revealing your real IP. It basically creates a VPN that is connected to Tor. You can check out JanusVM here: -http://janusvm.com/-

    For info on how to setup see here: -https://themostboringblogintheworld.wordpress.com/2006/10/18/how-to-have-high-speed-internet-anonymity-with-vmware-and-janusvm-downloads/-

    Even if you don't use JanusVM, I definitely recommend updating to the latest Tor bundle though.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Last edited: Apr 26, 2011
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi noone_particular,

    When I logged onto the Tor IM channel recently to ask some questions, they recommended never ever to use Tor without Torbutton in order to stay safe. So, I would not recommend using Tor without it.

    -- Tom
     
  8. zero_Phil

    zero_Phil Registered Member

    Joined:
    Apr 22, 2011
    Posts:
    67
    Many thanks lotuseclat79, markedmanner and noone_particular: looks like I will need to ditch my trusty Firefox 2.0 setup and also do some research on other items mentioned in your replies.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That is to be expected. They can't vouch for any setup that they haven't built or tested. The Torbutton is by far the easiest way, if you're a Firefox user. If you're not, setting up to eliminate data leaks takes more work and planning, but it can be done, and the user gets a better understanding of the whole process and how it all works together.

    This doesn't have to be a choose one or the other option. I use SeaMonkey as my default browser and have 3 different versions installed, each in its own folder (Seamonkey1, Seamonkey2, Seamonkeybeta). They co-exist just fine. It might work with Firefox as well. As long as you make a full system backup first, there's no risk in trying it. If it works, you still have the version you like, FF-2, and the more recent one with Torbutton. If it doesn't work, the system backup will get you back to where you started from.
     
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Like noone_particular's setup, different versions of Firefox can exist in /usr/lib (i.e. for Linux), just name them according to the following scheme per their directory name:
    /usr/lib/firefox-3.6.16
    /usr/lib/firefox-4.0
    /usr/lib/firefox-2.0.16

    Then in /usr/bin do the following depending on which version you want to run:
    ln -s ../lib/firefox-4.0/firefox firefox-4.0
    ln -s firefox-4.0 firefox

    This will link up your Firefox icon you click on to start Firefox.

    To change the version of Firefox you want to run do the following in /usr/bin:
    rm -f firefox
    ln -s firefox-2.0.16 firefox
    which makes Firefox version 2.0.16 the current executable for running Firefox.

    Note: You must do these commands with root admin account access.

    Further, the profile of Firefox (at least in Linux) is in the /home/useraccountname/.mozilla directory. If you have a different profile for each different version of Firefox, then you need to manage them with different "holding" names and put them into place when you have just changed the version of Firefox you are running per the scheme described above.

    I do not know how to set up a similar scheme for Windows use of Firefox, but assume it could be done.

    -- Tom
     
    Last edited: Apr 29, 2011
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If Firefox works the same as SeaMonkey (both Mozilla browsers) installing each into its own uniquely named directory should be sufficient.

    There's another possibility that should make this easy. A portable version of Firefox on a flash drive, or in its own folder on the desktop.
     
  12. ploder

    ploder Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    38
    What about for Opera web browser? I have a portable installation of Tor + Vidalia. I turn off cookies, javascript, plugins via the F12 menu and yet Decloak still reveals my real IP address (however, 'what is my ip' type websites seem fooled) What am I doing wrong? :(
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It could be many things. One I noticed there is the test trying to get the browser to make a direct connection that bypasses Tor. What real information did the test collect from you?
     
  14. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    When you know what your true IP address is, use either the Tor check web page to verify that you are using Tor properly, and/or use something like myipinfo.net - and you should get a different IP address than your actual one.

    Turn off java, and if NoScript works with Opera use it to control what level of javascript is needed to view a website. See: Firefox's NoScript for Opera (or all browsers).

    -- Tom
     
  15. ploder

    ploder Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    38
    Thanks for the info. I now run Opera through Sandboxie and my real IP address isn't leaked anymore. I think it was that part of the decloak test where a Word document was opened. When that happens Sandboxie blocks the connection now. I also carry out DNS leak test with satisfaction. :)
     