A few privacy notes regarding TOR

TOR logoI had a couple of discussions in the last weeks with various people about anonymity and privacy on the internet. Since TOR is a tool to maintain privacy it deserves some words how avoid user-errors you could make while using TOR. Interestingly those errors are not only of technical, but also of human/social nature.

I’d like to point out a few Do’s and Don’ts and points you should keep in mind when using the TOR-network.

Do’s:

  • Clear Private Data: Before and after using TOR flush your cache and delete all cookies. In Firefox you just need to press “CTRL+SHIFT+Del” or go to “Tools -> Clear Private Data”.
  • Call up links manually: If you visit a website where you find a link which you want to access with TOR, copy the link and insert it manually into the address-bar; this prevents a referer to be send to the host you want to visit. Again: Copy link; Clear Private Data; enable TOR; open new Tab; insert link.
  • Configure SOCKS correctly: If you use Firefox and a SOCKS-connection, be sure to set Firefox’s variable network.proxy.socks_remote_dns to true – if you forget that you’re leaking the name of the server you want to connect to to the DNS-system.
  • Close all tabs before proceeding: If you’re using Switchproxy and enable TOR, be sure that all Tabs are closed; all tabs get reloaded, and if session-ids were encoded in the URL, the remote host got your new (TOR) IP-address.

Don’ts:

  • Never send personal data: Do never ever enter any personal data into any website while using TOR. TOR’s intention is to hide your identity, so never enter private information. You can do that during normal surfing withotu TOR.
  • Never send usernames/passwords: Never ever enter any usernames or password trough non-SSL connections. The TOR-exit-node could sniff on his network-interface and grab the username/password pair.
  • Don’t trust TOR fully: Do not forget that the TOR-network is run by volunteers and that there’s absolutely no guarantee that one or more nodes could be compromised. Do not totally rely on TOR if it could endanger your or others life or property.

If you have any questions or suggestions, you’re welcome to use the comment-function.


Creative Commons License
This work is licensed under a Creative Commons Attribution 2.5 License.

Tech Tags:

6 Responses to A few privacy notes regarding TOR

  1. nuclcear says:

    Hello.

    Hope this is the right place to start. These “do’s and don’ts” are very helpful to me. They point up a couple of things, out of many, that I hope to learn about. In your “do’s” you say to configure SOCKS correctly. I am using Firefox, Mac OS X Tiger, with Tor/Vadalia/Privoxy.

    Is this configuring done with Terminal, because I am beginning to gather from all the FAQ’s, Manuals, papers and link referrals I am trying to peruse, that this is where this “Command Line” stuff is done? I have never used Terminal and maybe I need to learn how.

    Anyway, where can I find out what Firefox’s (your suggestion),
    “variable network.proxy.socks_remote_dns” is, so that I may
    change it to “true” ?

    Is this in Firefox’s Preferences “connect to internet” settings?
    Right now they look like: Manual proxy configuration is checked
    HTTP Proxy: localhost Port: 8118
    SSL Proxy: localhost Port: 8118
    SOCKS Host: localhost Port: 9050
    SOCKS v5: is checked
    No Proxy for: localhost, ###.#.#.#
    FTP & Gopher Proxies: left alone
    My proxies in my Mac’s Network Preferences are set according to the Tor website settings (for Safari), with passive FTP.

    Again, I hope this was all right to comment and post this request here. I came upon this site while searching for answers to using Tor, et al. because, actually, I was directed here by Tor because of being rerouted by my browser, while Tor was enabled. Found a site that posted that exact same problem, asked Tor about it and they sent me here.

    I guess when using Tor/Firefox, “Cookies” need to be on?

    Okay. Thanks.

  2. Hi nuclcear,

    to set the variable “network.proxy.socks_remote_dns” open a new empty tab in your Firefox, with CTRL+T.
    In the URL-bar, where you’d give an URL like http://tor.eff.org/, you have to type “about:config”. Then type “network.proxy.socks_remote_dns” into the “filter” field.
    Double-click onto the entry until the value of “Value” is set to “true”.

    Regarding the cookies-thing: Cookies itself yre not harmful as long as you don’t forget to wipe out your personal data before and aftezr using TOR, also flushing the cookies.

    If you still have questions, ask them here or write me an email.

    Hope that help,
    Alex.

  3. JT says:

    Make things a little easier on yourselves Bookmark your “about:config” that way if you ever want to get in there it’s just a click away.

  4. JT says:

    If anyone is wondering about true Tor privacy check this out, it gets pretty deep but Tor IS pretty deep.

    LOCATING HIDDEN SERVERS
    http://www.onion-router.net/Publications/locating-hidden-servers.pdf

    If you don’t want to click a link then just Google the title.

  5. […] über den lokalen Internetzugang (also z.B. die Nameserver des Zugangsproviders) aufgelöst. (Quelle), siehe auch […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: