Find the answer to your Linux question:
Results 1 to 6 of 6
Like Tree1Likes
  • 1 Post By fanderal
I ran across this today. I use duckduckgo and I'm going to download Tor! Do any LF members use Tor? Five tools to protect your privacy online...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Enthusiast cousinlucky's Avatar
    Join Date
    Dec 2005
    Location
    New York City
    Posts
    676

    Five Privacy Tools


    I ran across this today. I use duckduckgo and I'm going to download Tor! Do any LF members use Tor?
    Five tools to protect your privacy online
    PCLinuxOS Gnome and PCLinuxOS Mate
    Linux user # 414321
    You Should Not Give In To Evils, But Proceed Ever More Boldly Against Them!! -from book six of Virgil's Aeneid
    Everything Within The Universe Is Related; We Are All Cousins!!

  2. #2
    Linux User Steven_G's Avatar
    Join Date
    Jun 2012
    Location
    Western US
    Posts
    383
    I do. You need to understand a few things about Tor before you get in to it. It is a wonderful tool.

    It has helped possibly tens if not hundreds of thousands of oppressed voices be heard from some pretty dark places in the world. But like any tool it can be and is abused.

    The "Tor net" has some pretty dark places in it. That area of the deep web has a lot of child porn in it. There are nodes that you will pass through that have been setup by both governments and individuals to spy on the traffic moving through them. There are also nodes which are set up to attemp to use the open communications link through your fire wall to inject malware in to your system. (More of a worry for doze users.) And a very, very few (but not zero) that are monitored by script kiddies who attempt to hijack the session and use it as a backdoor to crack your machine. (A worry for users on any OS.)

    You should NEVER use Tor for banking or any kind of financial transactions. Or put any personally identifing information out through Tor. Or any info of a critical / secure nature.

    You should never run Tor "naked"; i.e. directly on and from your system. Personally my Tor is in a use specfic VM built on my own custom, locked down *nix remix and run from behind / through a remote secure VPN proxy. If you crack my Tor session and back track me you hit a major wall somewhere overseas and depending on what server I'm using I look like I'm in one of a dozen european countries unless you are spiffier than the average script kiddie.

    Tor is actually no security or anonymity in and of itself. It is instead security through obfuscation; in other words, hiding in the crowd. The MOST important configuration parameter with Tor is to make sure that you set it up by the numbers so that you look just like everybody else on the network and therefore could be anybody other than yourself.

  3. #3
    Linux Newbie SL6-A1000's Avatar
    Join Date
    May 2011
    Location
    Australia
    Posts
    120
    Quote Originally Posted by Steven_G View Post
    I do. You need to understand a few things about Tor before you get in to it. It is a wonderful tool.

    It has helped possibly tens if not hundreds of thousands of oppressed voices be heard from some pretty dark places in the world. But like any tool it can be and is abused.

    The "Tor net" has some pretty dark places in it. That area of the deep web has a lot of child porn in it. There are nodes that you will pass through that have been setup by both governments and individuals to spy on the traffic moving through them. There are also nodes which are set up to attemp to use the open communications link through your fire wall to inject malware in to your system. (More of a worry for doze users.) And a very, very few (but not zero) that are monitored by script kiddies who attempt to hijack the session and use it as a backdoor to crack your machine. (A worry for users on any OS.)

    You should NEVER use Tor for banking or any kind of financial transactions. Or put any personally identifing information out through Tor. Or any info of a critical / secure nature.

    You should never run Tor "naked"; i.e. directly on and from your system. Personally my Tor is in a use specfic VM built on my own custom, locked down *nix remix and run from behind / through a remote secure VPN proxy. If you crack my Tor session and back track me you hit a major wall somewhere overseas and depending on what server I'm using I look like I'm in one of a dozen european countries unless you are spiffier than the average script kiddie.

    Tor is actually no security or anonymity in and of itself. It is instead security through obfuscation; in other words, hiding in the crowd. The MOST important configuration parameter with Tor is to make sure that you set it up by the numbers so that you look just like everybody else on the network and therefore could be anybody other than yourself.
    Some good points. If security and anonymity is what your after. Tor probably isn't your answer! Especially for the former more than the latter.

    You will get more security running a firewall (PC Firewall), an anti-virus suite (especially if Windows), and using things like VPN, proxies, web-browser add-ons (i.e. ghostery, adblock, foxyproxy, google & facebook disconnect) and even VM's, etc for pure internet surfing or for best results just don't having the ethernet cable plugged in

    If your using it for anonymity (for whatever reason) than its probably your best bet, although no one is ever really anonymous on the net even if using Tor. There are still ways to backtrack through tor servers etc to your original IP address as Steven said.

    Internet is always about being smart and using logic (most of the time)
    Last edited by SL6-A1000; 02-17-2013 at 01:10 PM.

  4. #4
    Linux Newbie
    Join Date
    Sep 2007
    Posts
    218
    I looked into Tor a while back. It's a great way to obscure online habits and history, yet I decided against it. I had to ask, 'From whom am I trying to hide my online habits and history?' and 'What are they (whoever they is/are) gonna get if they find out, or if they crack my system?' I mean, there's not much personal stuff on my HD (tax returns and other such data is copied to removable media and then deleted from the HD), there's no sensitive or proprietary business data, I don't write/post information that makes me easy to identify, I don't store gigs of pirated music and videos, my name's not in my email address and I don't have millions to make me a worthwhile target. Were someone to track my habits, they'd find me just as boringly normal/average/whatever as the zillions of other users out there.

    A commenter to the article you linked (my bold):
    Strider73
    Tor can be glacially slow at times as it routes through several proxies, most of them overseas. Sometimes it feels like dial-up. A good alternative is Anonymizer(.com), whose speed loss is minimal.

    I'm surprised the author didn't mention Abine's DoNotTrackMe add-on, which blocks advertisers & social networks from tracking you. (FYI, this site has 9 trackers on it!) Abine also offers a "MaskMe" add-on for Chrome; a Firefox version is still in the works.
    I'd suggest NoScript; I didn't get those 9 trackers when visiting the site.

    As Steven_G points out, Tor's popularity has created a concentrated focal point for abusers, much like facebook and other high-traffic sites/networks... so why subject my system to the greater potential scrutiny from hackers and others lying in wait (with Tor), than I'd normally get when online (without Tor)?
    elija likes this.

  5. #5
    Linux Enthusiast cousinlucky's Avatar
    Join Date
    Dec 2005
    Location
    New York City
    Posts
    676
    I really appreciate the information gentlemen!! I have decided that it seems I would be better off not using Tor at all since I do not know how to configure or use it safely.
    PCLinuxOS Gnome and PCLinuxOS Mate
    Linux user # 414321
    You Should Not Give In To Evils, But Proceed Ever More Boldly Against Them!! -from book six of Virgil's Aeneid
    Everything Within The Universe Is Related; We Are All Cousins!!

  6. #6
    Linux User Steven_G's Avatar
    Join Date
    Jun 2012
    Location
    Western US
    Posts
    383
    Well, I don't rely on Tor for anything. Then again I don't have anything I need to rely on it for. I'm a very boring guy. But, I like to see how stuff works. And there is some pretty neat work underlying Tor. If you want to poke around with it to learn some of the ways that traffic can be routed in less obvious ways I'd say go for it. Just go in with your eyes wide open.

    If you just want a good generally secure system then read on:

    Run *nix with properly configured AppArmor or SELinux with FireFox.

    ArpOn and PortSentry are both good OS level *nix network security tools.

    Rootkit Hunter, Chkrootkit and Linux Malware Detect are all good tools.

    And learn how to configure FireFox. I followed the link you dropped for FF configuration a few weeks back and learned a thing or two in the process. (Nobody knows everything.) And it was good as far as it went. But there is a lot more ground to cover on securing a browser.

    The modify header plugin will allow you to drop the user-agent string of a different browser / OS in to your broswer so you look like something you're not. This is a really easy way to protect yourself when you accidentally end up at malicious / compromised sites. Such sites often employ automated scanners that indentify the type of system that you have and customize their automated attacks to your system. So, when they attack me they are attacking FF 5 on XP!. BTW, there is an identifying string generated by FF that cannot be obfuscated - last I heard. So, if you run FF never change your header to say that you're on something elses like IE. You'll give yourself away. Instead change your OS and FF version.

    More good security plugins to learn how to use:

    Ghostery
    NoScripts
    Passive Recon
    HTTPS Everywhere
    Certificate Patrol
    RequestPolicy
    Cert Viewer Plus
    AdBlock
    CalomelSSLValidation
    Ask For Sanitize + Secure Sanitize
    Search Engine Security
    Webmail Ad Blocker
    WOT (Web of Trust)
    Perspectives
    ForceTLS
    BetterPrivacy
    Conspiracy
    JS View

    Now don't try to use all of those on every browser instance you create. You'll drive yourself mad. Mix and match them for various uses. My general surfing FF instance is not locked down any where near that tight. But, in my specific use (encrypted) banking VM I can tell you EVERYTHING that is going on behind the scenes in my browser as my information transits the web. But, it's such a nightmare to configure that it is setup to work with *exactly* 17 sites; namely, my bank, all my bills and the couple of places I shop on line.

    Also, specifc use VMs, VPNs, Truecrypt, PGP and encrypted home folders are all handy things.

    BTW Collusion is a fun little plugin to check out.

    Learn what FIPS is and when / how / why to use it.

    Browserspy, Panopticlick and the Jondo Anonymity Test (click link middle / top of page to run the test) are all very, very informative as well.

    I know all that may sound a bit over the top. But, I just want to be damned sure that some 12 year old script kiddie in Chechnya is not going to clean out my bank account.

    But, there's a lot more to it than that.

    Don't open or answer spam mail.

    Be careful about what programs you install and where you get them from.

    Learn basic firewall configuration.

    Use well known distros set up by gurus for novices.

    Always use different user names and passwords at every site.

    Lie on your security questions. Now that social is so big one of the big things for the script kiddies to do is track you through social and gather enough info that they can guess the answers to your security questions. (So, your favorite aunt should be Batman or Mr. Ed or Swamp Thing or Drain-O or eatmyshorts, etc.)

    Put NOTHING on social. Or at least use some sense and lock down who can see what. And never put personally identifying info on social.

    Another good thing: Set up an extra checking account. This account AND ONLY THIS ACCOUNT is used to shop on line, pay bills on line, pay for gas, pay for groceries, pay rent, pay at restaurants or for anything else any where else. And you only transfer in to it what you need to pay for stuff as it comes up. Keep the rest of your money out of this account. Then, if the bad guys get that number you're only out a few hundred dollars and one or two charges / bills will bounce. But, you'll still have access to the rest of your money as you fight with the bank or whoever to get the other money back.

    Almost forgot: You really need to study up on how to secure your router. I could write another post on just that. But these are the BIG ones:

    1) Turn off UPnP
    2) DO NOT hide you SSID (And learn why you're actually more secure by showing it to the world)
    3) Learn what _nomap is for and then decide if you want to blend in or stand out.
    4) Turn on MAC address filtering
    5) Set it up to use OpenDNS to resolve DNS (And stop resolving DNS locally and find out why you shouldn't.)
    6) Turn off Wifi Protected Access (And learn why it should be turned off.)
    7) Learn how to stealth your router
    8 ) Configure your router so that it can only be admined on a wired connection
    9) Use the best encyrption your wireless has. If it is old and will only do WPA then replace it.
    10) Turn off the guest account in your router.
    11) If your router has a DMZ built in to it then don't use it unless you know what it's for and how to configure it.
    12) Do some googles on how to turn off services in a router; figure out which ones you need and kill the ones you're not using.

    Go on line and do a few googles for sound password creation / mangement practices and change all of your passwords to comply. Passwords should now never be less than 14 characters, preferably 24. AND NEVER STORE PASSWORDS IN YOUR BROWSER!

    Learn what Evercookies, Supercookies and LSO's (Local Shared Objects [Flash] ) are then use BleachBit between browsing sessions.

    Your banking VM should not have flash or java in it. (Learn why.)

    Learn how to use and configure all of the tools built in to a default installation of FireFox. There are many.

    StartPage makes an excellent search engine.

    Note: I have tested the above list of FF extensions and they are all compatible with each other. Not all FF extensions are. Feel free to mix and match, but be advised that adding to the list may have unforeseen negative consequences. For example: If you use Ghostery and then try to add either TACO or Beef TACO to FF you are going to have a whole lot of issues; especially if you use custom history / cookie rules. In that configuration, along with other headaches, all of your custom rules will disappear and you'll have to recreate all of them manually from scratch. There's no way to recover / restore them unless you have an off disk back up of FireFox.

    Last, but not least, look in to the work by the EFF on browser fingerprinting.

    That should keep you busy for a while.
    Last edited by Steven_G; 02-19-2013 at 12:55 PM. Reason: Forgot some stuff / Added stuff / Fixed typos

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •