All About Tor

torproject.org

Agenda

• Fill in this section with your agenda for the day to help your audience stay focused!

torproject.org

Before we begin…

• Do you use Tor?
• If not, why?
• If yes, do you have questions or concerns?
• Do you teach others about Tor?

torproject.org

Introduction to Tor

torproject.org

What is Tor?

• It’s Tor (not capitalized).
• The goal is to have a way to use the internet with as much privacy as possible:
1. by routing traffic through multiple servers; and
2. by encrypting it each step of the way.
• Hence the term “onion routing”.
• Tor provides anonymity, mitigating against surveillance and censorship.

torproject.org

Different ways of defining Tor

• Tor ⇒ free software created at NRL starting 2001/2.
• Tor ⇒ an open network of ~9,500 nodes – anyone can join!
• Tor ⇒ a browser that connects you to the Tor network.
• Tor ⇒ a US non-profit formed in 2006.
• Tor ⇒ a community of volunteers, researchers, developers, trainers, advocates from all over the world.

torproject.org

Why do we need Tor?

• To resist government mass and targeted surveillance.
• To securely bypass Internet censorship.
• To counter the business model of the Internet: big data, advertising, non-consensual tracking.

torproject.org

Why do we need Tor?

• Let’s discuss the work you do:
• Who are your adversaries?
• What challenges do you face?
• Do you have mitigation strategies?
• Where can Tor help?

torproject.org

little-t Tor or core Tor

• Tor is the network daemon (i.e. a computer program):
• Presents a SOCKS or http proxy
• Provides location and source anonymity, similar to a VPN or regular proxy (but better!)
• Network of relays in many parts of the world.

torproject.org

Connecting through HTTP

Image source: eff.org

torproject.org

Connecting through HTTPS

Image source: eff.org

torproject.org

Connecting through VPN

Image source: eff.org

torproject.org

Connecting through Tor and HTTPS?

Image source: eff.org

torproject.org

Who can see your activity through HTTP?

Image source: eff.org

torproject.org

Who can see your activity through HTTPS?

Image source: eff.org

torproject.org

Who can see your activity through Tor and HTTPS?

Image source: eff.org

torproject.org

How relays work

Like a VPN, Tor Relay 1 knows where you’re coming from.

​

Unlike a VPN, it has no idea where you’re going because the final destination is wrapped in layers of encryption.

Your ISP (or anyone who intercepts the signal) only knows you’re sending data through the Tor network.

Relay 2 doesn’t know the original source or the ultimate destination.

torproject.org

A growing network of relays

• Tor relays and bridges are run by volunteers from around the world, including individuals, NGOs, and companies.
• They form the backbone of the Tor network.
• Today we count: 7000+ relays and 2660+ bridges.

torproject.org

About Tor Browser

torproject.org

What is Tor Browser?

• Just like any other browser (Chrome, Firefox, Safari, Yandex) except it does not expose traffic.
• Traffic is encrypted and bounces through three random volunteer-run nodes called relays.

torproject.org

What is Tor Browser?

• Tor Browser = little-t tor + patched Firefox
• Anyone snooping can’t see the websites you visit.
• Websites can’t track you or see other sites you visit (cross-tracking).
• Prevents other privacy violations like fingerprinting or third-party cookies.
• Writes nearly nothing to disk.
• No browser history.
• Cross platform: Windows, macOS, Linux and Android.

torproject.org

Multilingual Browser

• Tor Browser is available in 37 languages in a single multi-locale download, which can be changed using the menu in General settings: https://www.torproject.org/download/languages/
• Tor Browser manual is a user-friendly guide for novice users and is also multilingual: https://tb-manual.torproject.org/

torproject.org

Downloading Tor Browser

• The safest way to download is from: https://torproject.org
• Downloading Tor Browser from a non-official source is dangerous!
• If https://torproject.org is blocked, try mirrors
• https://tor.eff.org/
• http://tor.calyxinstitute.org/ (if HTTPS is blocked)

torproject.org

Bypassing censorship of torproject.org

• Tor Project website and mirrors could be blocked on your network making it more difficult to download Tor Browser.
• Alternative
• Emailing GetTor to receive links to download Tor browser: gettor@torproject.org (from a Gmail or Riseup email)
• Messaging @GetTor on Telegram: https://t.me/gettor_bot

torproject.org

Running Tor Browser for the first time

torproject.org

Choose to connect to Tor automatically

torproject.org

Using Tor Browser

• Default search engine: DuckDuckGo
• Bundled with privacy-preserving extensions such as NoScript.
• You should not add any other extensions nor enable any plugins!
• Advice: websites won’t know anything about you unless you login and tell them (e.g. logging into Facebook).

torproject.org

Clicking on the padlock will show your current Tor circuit (and “New Circuit for this Site” option)

torproject.org

Updating Tor Browser

Every update brings new features and resolves security vulnerabilities.

torproject.org

Uninstalling Tor Browser

• Uninstalling Tor Browser is as easy as moving the folder to the trash! Then, emptying the trash.
• Default Tor Browser folder locations:
• Windows: Desktop
• Linux: home, or look for a name like “tor-browser_en-US”
• MacOS: Move the Tor Browser application to Trash and also the TorBrowser-Data folder (~/Library/Application Support/)

torproject.org

Troubleshooting Tor Browser

• Is your system clock correct?
• Is the browser already running?
• Are you being censored?
• Is your antivirus or firewall blocking Tor?
• Do you have a very old operating system?
• Try uninstalling and reinstalling
• Get help at https://support.torproject.org

torproject.org

What to do when Tor is blocked

torproject.org

When the connection to Tor is censored

• Direct access to Tor may be blocked by some Internet Service Providers and governments.
• Tor Browser includes circumvention tools for getting around these blocks called bridges.
• Bridges are relays that are private and harder to block.

torproject.org

Meet “Connection Assist”

• Connection Assist is a new feature for users burdened by censorship.
• When Tor is blocked, Connection Assist will offer to automatically apply bridge configurations that might work best in a user’s location.
• Users can still configure settings manually!

torproject.org

“Connection Assist” helps users configure bridges

torproject.org

torproject.org

Configuring bridges manually

• You can get bridges from:
• Tor Browser: “Select a Built-In Bridge” on Tor Browser
• Tor website: https://bridges.torproject.org
• From a trusted source:
• Telegram: https://t.me/getbridgesbot
• By sending an email to bridges@torproject.org from Gmail or Riseup

torproject.org

Pluggable transports

Pluggable transports can be used like bridges to disguise Tor traffic (also called “built-in bridges”). Main types of pluggable transports:

• obfs4: makes Tor traffic look random; works in many situations (if not, try meek-azure).
• meek-azure: makes it look like Microsoft traffic; works in China.
• snowflake: proxies traffic through temporary proxies using WebRTC. See: https://snowflake.torproject.org.

torproject.org

Snowflake

• Snowflake helps you avoid being noticed by Internet censors by making your Internet activity appear as though you're using the Internet for a regular video or voice call.
• Unlike VPNs, you do not need to install a separate application to connect to a Snowflake proxy and bypass censorship.
• It is usually a circumvention feature embedded within existing apps: Tor Browser, Onion Browser, and Orbot.

torproject.org

Bridges and pluggable transports

torproject.org

Bridges and pluggable transports

torproject.org

Choose a bridge from one of Tor’s built-in bridges

torproject.org

Request a bridge from torproject.org

torproject.org

Enter a bridge address you already know

torproject.org

Bridge cards

Saved bridges appear in a handy stack of bridge cards including new options for sharing bridges too.

torproject.org

Open Observatory of Network Interference

• Open Observatory of Network Interference: https://ooni.org/
• Country-level reports of specific online censorship tools in use.
• Explore aggregated reports: https://explorer.ooni.org/
• Or use your own OONI Probe to measure Internet censorship: available in App Store and Google Play.

torproject.org

More Tor Browser

torproject.org

torproject.org

Connection Settings

Connection settings include connection statuses, censorship mitigation options, access to Tor log, etc.

torproject.org

HTTPS-only mode

HTTPS-Only Mode is enabled by default for desktop and HTTPS-Everywhere is no longer bundled with Tor Browser.

torproject.org

Security Slider

Recommended security level: safer or safest.

torproject.org

NoScript

Not advisable to change settings in the NoScript “options” menu.

Adding sites to the “whitelist” can result in fingerprinting.

Instead, “temporarily trust” blocked objects, or use security slider (Standard, Safer, Safest).

torproject.org

DuckDuckGo

DuckDuckGo is the default search engine in Tor Browser.

Using Tor Browser prevents DuckDuckGo from tracking users, even if they wanted to (they claim not to).

https://www.duckduckgo.com/ or https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/

torproject.org

Plugins, add-ons, JavaScript

• Do not add any new add-ons/extensions to Tor, and don’t enable any plugins.
• JavaScript is enabled by default, but is sanitized to preserve anonymity.
• To prevent possible JavaScript vulnerabilities, use the “safest” setting in the security slider.

torproject.org

Mobile Tor: Tor-powered apps

torproject.org

Things to know about mobile Tor

• The design of mobile devices makes full privacy impossible.
• Mobile Tor is best for censorship prevention.
• Can also provide better privacy for some threat models.
• We’re making it better all the time and better options for mobile devices are coming out soon.

torproject.org

Tor Browser for Android

• You don’t need to install two applications (Orbot and Orfox) anymore!
• Find it in the Play Store or in the Guardian Project repository in F-Droid.
• Or download .apk from: https://torproject.org/download/

torproject.org

Onion Browser for iOS

• Onion Browser is the Tor Browser for iOS.
• You can find it in the App Store.
• Be careful: lots of fake Tor Browsers available for iOS!
• Notes: app is rudimentary and tends to crash on sleep.

torproject.org

Orbot: Tor VPN

• Orbot routes mobile apps’ traffic through Tor, you can select specifically which apps to run through Tor.
• Orbot is available on iOS and Android.
• Developed and maintained by the Guardian Project: https://orbot.app/

torproject.org

More on Orbot

Image source: Guardian Project

• Toggle “VPN mode” on main screen.
• Then click “Orbot-enabled apps”.
• Then select the apps you want to proxy with Tor.
• You can also choose your exit country if you want (but note that some countries don’t have exits relays).

torproject.org

What are Onion Services?

torproject.org

• The regular internet allows adversaries to see what you are sharing and with whom, whether you're using Dropbox etc, downloading it from email or through your browser...
• ...so Tor devised a sneaky way to hide both the file data and the related metadata!

torproject.org

• Onion Services are online services that are only available through the Tor network.
• An Onion Service connects to a rendez-vous node/relay inside the Tor network; and the user wanting to connect to it does the same.
• As a user, you never leave the Tor network when visiting an Onion Service.
• Onion Services provide end-to-end encryption: both visitor and website use Tor (without HTTPS).

torproject.org

OnionShare

• Secure, private, anonymous file sharing done easy, built on top of the Tor network.
• Uses onion services to securely send files.
• Creates an onion service where the file can be downloaded.
• No need to trust third parties like Dropbox.
• All communication happens on the Tor network.
• Download from: https://onionshare.org/

torproject.org

Step 1: Download OnionShare

• Available on: Windows, macOS, Linux.
• Download: https://onionshare.org/

torproject.org

Step 2: Select “Share Files”

• In the “Share Files” section, click “Start Sharing”.
• Your contacts only need to have Tor Browser installed.

torproject.org

Step 3: Upload your file

• Drag and drop the file into the folder into the section.

torproject.org

Step 4: Share your file

• Once the file is added, click on “start sharing”
• Tip: To allow downloading more than once, e.g. for you group, uncheck the first box.

torproject.org

Step 5: Copy and share the address and key

• Copy the address and share it with the intended recipient (e.g. via email).
• Copy the private key and share it to the same recipient, preferably through a different channel (e.g. via instant messaging).

torproject.org

Step 6: Download through Tor Browser

• The recipient can download the file through Tor Browser by entering the address and key in the URL bar.
• Tip: you must keep your OnionShare window on your device open as long as you want people to download your file.

torproject.org

Step 7: Check download progress

• When they finish downloading, you’ll see a notification alert in OnionShare’s history.

torproject.org

Help using Tor

torproject.org

Useful links

• Tor Project Forum: https://forum.torproject.net/
• Tor Browser Manual: https://tb-manual.torproject.org
• Mailing lists: https://lists.torproject.org/
• Support portal: https://support.torproject.org/
• Community team: https://community.torproject.org/
• Connect with us on the IRC OFTC network, channel #tor (bridged to Matrix)

torproject.org

Support channels

If you need support with anything that has to do with Tor, reach out on the following channels:

• Email: frontdesk@torproject.org
• Telegram: https://t.me/torprojectsupportbot
• WhatsApp: https://wa.me/447421000612
• Signal: https://signal.me/#p/+17787431312

torproject.org

Report bugs! 🐛

• Open a discussion in the Tor Project Forum: https://forum.torproject.net/
• Report on the Tor Project GitLab: https://gitlab.torproject.org/
• Create a login: https://gitlab.onionize.space/
• Search for your issue to find any existing tickets.
• If no ticket was opened, open a new ticket with detailed description of the problem.

torproject.org

Thank you!

torproject.org