“If you’re not using Tor you’re doing it wrong.”
Christopher Sheats is an Encryption Evangelist volunteer at the ACLU of Washington
sources
“Use Tor Browser, or harden Firefox, for privacy?”
https://yawnbox.com/index.php/2016/01/04/use-tor-browser-or-harden-firefox-for-privacy/
“Comparing HTTP, HTTPS, VPN, and Tor with “snail mail” metaphors”
https://yawnbox.com/index.php/2015/10/25/comparing-http-https-vpn-and-tor-with-snail-mail-metaphors/
http / postcard
you → http://bbc.co.uk
https / letter
you → https://yandex.ru
virtual private network… 1-hop proxy
message, sender → mail proxy → recipient
content, sender → traffic proxy → recipient
vpn / postcard
you → ipredator → http://amazon.com
vpn / letter
you → ipredator → https://wikipedia.org
vpn circuits
the onion router… 3-hop proxy
message, sender → 1st mail proxy → 2nd mail proxy → 3rd mail proxy → recipient
content, sender → guard relay → middle relay → exit relay → recipient
tor / postcard
you → tor → http://ebay.com
tor / letter
you → tor → https://twitter.com
tor circuits
Diversity and volume of users, relays, and services are critical.
ads vs. nsa
“I could build a dossier on you. You would have a unique identifier, linked to demographically interesting facts about you that I could pull up individually or en masse. Even when you changed your ID or your name, I would still have you, based on traces and behaviors that remained the same — the same computer, the same face, the same writing style, something would give it away and I could relink you. Anonymous data is shockingly easy to de-anonymize. I would still be building a map of you. Correlating with other databases, credit card information (which has been on sale for decades, by the way), public records, voter information, a thousand little databases you never knew you were in, I could create a picture of your life so complete I would know you better than your family does, or perhaps even than you know yourself.”
"Spy agencies are keen to find any available way to recognize a particular user by their devices’ behavior on the Internet, and that cookies sent with unencrypted web requests are one of the easiest and most straightforward ways of picking out an individual device even as it moves from network to network."
vpn behavior
Use a VPN and log into any of your online accounts and you are now probabilistically associated with your provider and a limited IP subnet.
If your VPN provider claims they do not retain data, National Security Letters, which typically contain gag orders, can force your provider to lie.
tor behavior
Diversity and volume of users, relays, and services are critical.
onion services
you → tor ← http://www.propub3r6espa33w.onion
"Users should be the ones who get to choose what sort of security properties they want. It shouldn't be about what the website thinks the users should have."
“Tor onion services: more useful than you think”
https://media.ccc.de/v/32c3-7322-tor_onion_services_more_useful_than_you_think
“State of the Onion”
onion services behavior
onion services hosting
“Tor Hidden (Onion) Services Best Practices”
https://help.riseup.net/en/security/network-security/tor/onionservices-best-practices
“Building Enterprise Tor Onions: Tips and Notes”
https://storify.com/AlecMuffett/tor-tips
“How to Get a Company or Organisation to implement an Onion Site, i.e. a Tor Hidden Service”
tor browser
“How to: Use Tor for Windows”
https://ssd.eff.org/en/module/how-use-tor-windows
“How to: Use Tor on Mac OS X”
tor applications
questions?
use Tor, kthxbi