23 comments

[ 4.4 ms ] story [ 56.5 ms ] thread
Can someone please explain Tor? Ive never heard of it and their blog doesn't say much about what it physically does? Is it access to the internet or just an internal Iran Internet for the underground?
On the linked page, look to the right column and find the "Tor in a minute" section.
Tor is an anonymizer. It exists to prevent authorities, isps, or other snoops from being able to see what web-sites you visit. Its VPN-like qualities also make it good for circumventing blocklists that work via banned destination site lists.

It does this by routing all(1) of your traffic through a series of constantly shifting peers that don't keep records or logs and don't use standard http ports.

Instead of YOU->ISP->Yahoo your traffic looks like YOU(encryption)->BOB->ALICE->STEVE(decryption)->Yahoo. Your ISP (and therefore your rotten government) only sees you make an encrypted connection to Bob, not a web request to yahoo. The chain is long enough that its really tough for anyone in the chain to figure out who you are and what your final destination is.

(1) Tor can be tricky to set up and know its working properly for the uninitiated. It can... leak if set up wrong, and certain protocols (like all UDP) are not well supported.

Is there any precedent for legal prosecution against STEVE in case the originator is browsing something more nefarious than Yahoo?

I know the "unsecured wireless AP" defense has been used with varying success but I'm wondering if any Tor peers have ever been prosecuted...

>It exists to prevent authorities, isps, or other snoops from being able to see what web-sites you visit. Its VPN-like qualities also make it good for circumventing blocklists that work via banned destination site lists.

Well, yes and no. It was developed by US Naval Intelligence to provide a way for agents to get information to their handlers without compromising themselves. Yes, it performs the roles you specify, but that's not why it exists.

Tor is an encrypted network that runs on top of the Internet. One feature of Tor is that you can use another Tor user as a web proxy. This allows people whose Internet connection is censored, but who can connect to the Tor network, to get uncensored web access. When you send a packet through Tor, the intermediate nodes don't know who sent it or who it's going to, which in many cases makes it more secure than your plain Internet connection.
Tor is a practical implementation of Onion Routing[1] and its original purpose was for secure and anonymous communication. It does this by relaying data over multiple nodes called "Onion Routers."

These routers are themselves Tor software run by volunteers around the world.

Tor has been increasingly used to circumvent censorship and there's active research in this area. Roger Dingledine was one of the original authors and he is an excellent speaker. Here's a video that you might like: http://vimeo.com/8023776.

EDIT: [1] http://en.wikipedia.org/wiki/Onion_routing

A tidbit I found interesting:

WikiLeaks Was Launched With Documents Intercepted From Tor http://www.wired.com/threatlevel/2010/06/wikileaks-documents...

This is an important point for the uninitiated: Tor is anonymous, but not secure. Only send data if (1) you do not care if it is intercepted, as long as (2) it can't be traced back to you.
I thought one of the more dangerous threats in Tor was the possibility of someone running compromised exit (or entry) nodes? Why didn't they do that instead of blocking it?
When you're using Tor, you should be assuming the nodes involved are evil.

Chances are most governments already do run their own nodes.

Considering the US Navy developed it, and the US Intelligence agencies continue to use it regularly, that's a safe bet.
Then you only have a 1/N chance of capturing affected traffic, where N is the (fairly large) number of entry or exit nodes.

Also, Tor changes which entry and exit nodes you use on occasion (about every few minutes, if I recall).

Also, if you communicate through properly encrypted protocols, the exit node won't get anything interesting to see.
Which is easier said than done. For web traffic, the site has to use https for everything. Secondly, the site has to secure their cookies from being sent over http, either by using HSTS with the includeSubDomains flag, or the "secure" cookie flag. Thirdly, you have to assume that the exit node isn't using a forged certificate from a compromised CA. Fourthly, you have to assume that the entity running the exit node doesn't have a zero day vulnerability for your browser, which they can deliver to you as soon as you make any http request to any site.
The Tor client selects a small list of "Entry Guards" and uses only them as entry nodes. I think this change was made two-three years ago.

This was done to prevent the problem whereby anyone using Tor for long enough would eventually connect to all entry nodes, allowing anyone else to set up an entry node to gather a list of most of the persistent Tor users.

If someone runs an entry node, they get to see the IP addresses of 1/N of Tor users, how much data the users send and receive, and when. But they don't get to see what data the users are sending and receiving, or even what exit node they're using. If someone runs an exit node, they get to see (and filter) what data 1/N of Tor users are sending and receiving, and when, but they don't get to see who those users are, or even what entry node they're using. And the data they see can still be encrypted; e.g. connections to Gmail will use TLS/SSL, so even the exit node doesn't get to steal your mail.

So that may be why.

Compiling a small list of Tor users and grabbing un-protected data could still be substantial though.
Well, the main hurdle isn't technology, it's always politics.

Tor might have fixed the block, but an Iranian using the system could still be imprisoned by the government for using it...