Internet privacy and security
Posted By RichC on June 26, 2011
Although I’ve not been overly concerned with “my personal” Internet browsing and how my habits are being watched, I am conscious that more and more of online habits are being tracked and marketed to interested parties. It does seem a bit intrusive.
After reading a few more articles on the subject the use of https and proxy servers (along with eliminated cookies and using “private” features on browsers), I decided to give the Tor Project and Firefox HTTPS Everywhere extension a try this weekend. The install went surprisingly well and within minute I was up and browsing at a local hotspot in a relatively secure mode … although significantly slower. It seems the relaying of packets through servers around the world can really slow down speeds (duh). Anyway, I’m not sure this method is necessary for most of us, but for those working to get information and messages from a few less than friendly locations around the world, perhaps using packet encryption and rerouting can keep information flowing and users secure?
The name "Tor" can refer to several different components.
The Tor software is a program you can run on your computer that helps keep you safe on the Internet. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. This set of volunteer relays is called the Tor network. You can read more about how Tor works on the overview page.
The Tor Project is a non-profit (charity) organization that maintains and develops the Tor software.
How is Tor different from other proxies?
A typical proxy provider sets up a server somewhere on the Internet and allows you to use it to relay your traffic. This creates a simple, easy to maintain architecture. The users all enter and leave through the same server. The provider may charge for use of the proxy, or fund their costs through advertisements on the server. In the simplest configuration, you don’t have to install anything. You just have to point your browser at their proxy server. Simple proxy providers are fine solutions if you do not want protections for your privacy and anonymity online and you trust the provider from doing bad things. Some simple proxy providers use SSL to secure your connection to them. This may protect you against local eavesdroppers, such as those at a cafe with free wifi Internet.
Simple proxy providers also create a single point of failure. The provider knows who you are and where you browse on the Internet. They can see your traffic as it passes through their server. In some cases, they can even see inside your encrypted traffic as they relay it to your banking site or to ecommerce stores. You have to trust the provider isn’t doing any number of things, such as watching your traffic, injecting their own advertisements into your traffic stream, and recording your personal details.
Tor passes your traffic through at least 3 different servers before sending it on to the destination. Because there’s a separate layer of encryption for each of the three relays, Tor does not modify, or even know, what you are sending into it. It merely relays your traffic, completely encrypted through the Tor network and has it pop out somewhere else in the world, completely intact. The Tor client is required because we assume you trust your local computer. The Tor client manages the encryption and the path chosen through the network. The relays located all over the world merely pass encrypted packets between themselves.
Comments