TOR browser is perhaps the simplest and most affordable way for an anonymous connection to the Internet. Now we will talk about how to set up the TOR browser on your computer, as well as where to download it and how to install it.
Step No. 1. Download the TOR browser.
TOR browser is free browser, built on top of Firefox. You can download it from the official website of the developer. To do this, you need to go to the website, select a language and click on the “Download” button. After which the installation files will begin downloading.
By default, the site will offer to download the version of the TOP browser that is suitable for your operating system. If you want to download a version for another OS, you can do so.
Step No. 2. Installing the TOR browser.
At the TOP installation stage, the browser does not require any additional configuration. Everything happens automatically, you just need to follow the instructions that will appear on the screen. So first you need to select your browser language.
And then the folder in which the TOR browser will be installed.
Then all you have to do is wait until the installation is completed.
Step No. 3. Launch and configure the Tor browser.
After launching the TOR browser, a window called “ Network settings TOR".
There are two buttons available here: Connect and Configure. If you click on the “Connect” button, the TOP browser will start working with standard settings. This option is suitable for most cases.
The “Configure” button will launch manual setting TOR browser. This option may be useful if you connect to the Internet through a proxy server or if your Internet provider blocks the TOR network. First of all, the TOR browser will first ask whether your Internet provider is blocking the TOR network. If there are no problems connecting to the TOR network or you don’t know for sure, then select the “NO” option.
If you select “Yes”, the TOR browser will offer to configure bridges. A bridge is a point in the TOR network whose address is not published in the TOR documentation. You can download the list of bridges on the website.
After setting up TOP bridges, the browser will prompt you to configure an Internet connection through a proxy server. If you connect to the Internet directly (without using a proxy server), then you need to select the “NO” option here.
If a proxy server is used to connect to the Internet, then you need to select the “YES” option and configure the connections. TOR browser will ask you to select the type of proxy server, its IP address, as well as other proxy-related settings.
After setting up the proxy server, you just need to click on the connect button and the TOR browser will connect to the Internet through the TOR network.
Step No. 4. Checking the TOR browser settings.
If you have configured the TOP browser correctly, the following message should appear on the screen: “Congratulations! This browser is configured to use TOR."
If the inscription appeared on the screen: “Alas. IN this moment you are not using TOR”, this means that there is something wrong with the TOR browser settings and it was not possible to connect to the TOR network. In this case, you can click on the onion button and select “TOR Network Settings” or simply press the S key on your keyboard.
After which you can re-configure the TOR browser.
Step No. 5. Change the IP address in the TOP browser.
Immediately after connecting to the Internet through the TOR network, you receive a new IP address. But, if necessary, this address can be changed. To do this, you need to click on the button in the form of an onion and select the menu item “New TOR chain for this site.”
After which the page will be updated and you will receive a new IP address. You can check how this works on any website to check the IP address, for example, you can use the website.
Tor is indispensable tool for those who are concerned about privacy when surfing the Internet. Many people believe that for complete anonymity it is enough to simply download the Tor browser package from the Internet and run it. This is wrong. When browsing the Internet, it is worth considering that there are certain patterns of so-called incorrect behavior that can reveal your real identity and location even when surfing through Tor. We will try to get to know the Tor network better and develop some mechanisms for interacting with this network in order to maintain our privacy.
Introduction
So, the Tor network is created by servers run by volunteers. The main purpose of the Tor network is to allow users to hide their identity and also to thwart Internet surveillance mechanisms. All your interactions with the Network are encrypted, requests pass from one relay to another, and then finally reach their destination. Combined with https Tor provides end-to-end encryption, making it impossible for even volunteer maintainers to read your traffic Tor servers, and your real IP address is well masked by the IP address of the last relay.
What could possibly go wrong with such an elaborate privacy protection scheme? Why are these measures not enough to maintain your complete anonymity?
Where to start
To start forming the right habits when working with Tor, let's highlight a few main points:
- Use the Tor browser exclusively. Despite the fact that any browser can be connected to the Tor network, it is recommended to use the browser of the same name. The reason is that the native browser is configured accordingly, while other browsers may cause leaks confidential information thanks to your settings.
- Do not work with torrent files via Tor. It is well known that torrent file sharing applications can ignore proxy settings, revealing your real IP address. Another reason is that torrenting through Tor can greatly slow down the entire network.
- Use HTTPS everywhere. The Tor browser has a plugin called HTTPS Everywhere that forces sites that support this protocol to use it. As a result, you get the opportunity to use end-to-end encryption. Visit the website of the developers of this plugin for more information.
- Do not install or activate additional browser plugins. The only plugins you need are already included in the Tor Browser. Other plugins can expose your identity, making Tor completely useless.
- Do not open documents downloaded by Tor while you are online. If you open a document downloaded using Tor, it may contain links that connect to the site without going through Tor. This may lead to information leakage.
- Disable JavaScript completely (only as a last resort). Tor has a NoScript plugin specifically for these purposes. If you want to completely disable JavaScript in the browser, go to about:config and set the “javascript.enabled” setting to false. However, it is worth considering that almost all modern sites use JavaScript for rendering, so disable it completely only in extreme cases.
- Disable the use of HTTP referer. To do this, go to about:config and disable “network.http.sendRefererHeader” (change 2 to 0).
- Disable iframes, to do this again go to about:config and disable “noscript.forbidIFramesContext”, changing the value to 0. Iframes can be used for distribution malware, however, they also play a big role in the functioning of modern websites.
- Use Tor bridges. All of the above precautions will not hide the fact that you are using the Tor browser. Therefore, the user tracking the traffic can note this. If you are concerned about this issue, we highly recommend using Tor bridges.
Setting up Tor bridges
Tor bridges are special relay nodes of the Tor network. They differ from ordinary nodes (nodes) participating in the connection chain in that they have a closed status. That is, they are excluded from publicly available (published) lists. Used to bypass blocking by the Tor network provider.
If Tor is not running, click "configure" in the main window and skip the proxy phase.
Figure 1 and 2. Skip the proxy setup phase
Then click "Yes" on the next screen and select "obfs4" as the default type.
Figure 3 and 4. Select obfs4
If the browser is running, you need to perform the following sequence. Click on the bow icon.
Figure 5. Click on the bow icon
Then select “Tor is censored in my country.”
Figure 6. “Tor is banned in my country”
Then also select "obfs4".
Figure 7. Select “obfs4”
After all these steps, it will be difficult for anyone to identify that you are using Tor.
conclusions
So, we have received enough information to try to configure Tor correctly. Firstly, we found out what it is Tor bridge and how it will help us remain anonymous. We also discussed how to avoid government blocking of Tor traffic by using the obfs4 setting, which obfuscates your traffic, making it look harmless.
Moreover, there is a way to get your own custom bridges, for this you need to send email at this address, containing the line “get bridges” in the body. There is a caveat - you must send a letter from one of the following mail services - Gmail, Yahoo! or Riseup, since the system only supports these providers. Happy experimenting!
Hello, dear readers of the blog site. You probably know that any of your actions on the network (website pages viewed, files downloaded, videos watched) can be tracked, and from completely different places (by contacting your Internet provider, rummaging through your computer, or searching in the logs of the sites you visited ). Anonymity on the Internet exists only if you don’t start “digging deep.”
There are some solutions to the “leaving trace problem” that we have already covered. For example, you can and then no traces of your visits will be saved on your computer. Or, for example, when blocking access to some sites (for example, to log into Contact or Odnoklassniki from a work computer).
But there is a much more comprehensive solution - this is the so-called TOR. Essentially this is software, which with a very high degree of probability allows you to hide from prying eyes everything you do and have done on the Internet. It’s precisely on the basis of this technology that it works Tor Browser, which will be discussed today. Essentially, it wraps complex technology in the shell of a normal-looking browser, accessible to any Internet user, which everyone can use. But its filling is unusual...
What is TOR?
I don’t want to overload you with technical terms and concepts that, by and large, will be superfluous. I’ll just literally describe in a nutshell (on my fingers) the principle of operation of the Thor technology and the system built on its basis Tor Browser. This knowledge will allow you to understand what to expect from this software, what strengths and weaknesses it has, so that you can consciously use it for your needs.
So, initially all this was brewed in one of the US military departments. Why they needed it, history is silent, but at the beginning of the 2000s, the beginnings of Thor technology were completely unexpectedly laid out in general access. And they were open source codes and this software became freely distributed. What does it mean? And how much can you trust such a “gift”?
The question is fair, but you can trust it precisely because the code of this technology is open. The fact is that since then (over a decade and a half) these program codes Hundreds, if not thousands of people who understand this have studied (and made changes) and no “bookmarks” or “secret doors” were found. Where it's about safety(in our case, transfer and storage of information), it is better to work with open source software (software).
By the way, this is why when choosing n, but for . They simply belong to the category of free software and their code has been checked by thousands of competent specialists. It’s somehow calmer, because I store a lot of passwords for services tied to money and losing them would be very expensive.
So, TOP technology allows you to access websites and download something from the network without leaving any traces behind. That is, when you open, for example, a website through the Tor Browser, it will be impossible to track the IP address of your computer on this website (and therefore to identify you). Even your Internet provider will not understand (even if you want) that you visited this site (and it will be impossible to prove it). Well, the browser itself will not store all traces of your wanderings on the Internet.
Wonderful, isn't it? I understand that in this way people can cover up their dark affairs. Not without this, of course. But the general idea of Thor is still bright - to provide the Internet user with real freedom in the form of complete anonymity. For example, in some countries access to certain resources may be blocked without justification, but Tor Browser will allow you to bypass these obstacles and not be punished for this violation, because they will not know that you did it (or will not prove it). But that's not the point...
How TOR works? This is called onion routing. Look. There is a network of nodes owned by adherents of this technology. Three arbitrary nodes are used to transmit data. But which ones? And this is precisely what no one knows.
The Tor browser sends a packet to the first node, and it contains the encrypted address of the second node. The first node knows the key for the encryption and, having learned the address of the second, forwards the packet there (it’s like removing the first layer of an onion). The second node, having received the packet, has a key to decrypt the address of the third node (another layer has been removed from the onion). Thus, from the outside it is not possible to understand which site you ended up opening in your Tor Browser window.
But please note that only the path is encrypted(routing), and the contents of the packets themselves are not encrypted. Therefore, to transmit secret data, it would be better to first encrypt it (at least in the TruCrypt mentioned above), since the possibility of intercepting it (for example, using sniffers) exists.
In addition, this technology there are a few more disadvantages(or features):
- Your ISP (or anyone else who monitors your traffic) may realize that you are using Tor. He won't know what you're watching or doing online, but sometimes the mere fact of knowing you're hiding something can have consequences. Take this into account and, if possible, study ways to enhance camouflage (and they exist), if this is critical for you.
- The TOR network does not use special high-speed equipment, but, in fact, ordinary computers. This brings up another drawback - speed the transmission of information in this secret network can vary significantly and sometimes it is clearly not enough for, for example, viewing media content.
Where can I download the official Russian version of Tor Browser?
On this blog I have already published an article on that. There was also mention of the Torah. Naturally, it is better and safer to download any product from the developers’ website, i.e. the official one (I think you know). The Tor Browser download page is located at this address (I repeat once again that for security reasons it is better to download from the official website):
Please note that before clicking on the download button, you must select a language. The default is English, but you can select a dozen more options from the drop-down list, including fully localized Russian version. This is how it will work more pleasantly when the interface language is native.
Although, during installation you will again be asked about your preferred interface language and you can also select Russian there. Otherwise, the installation process is no different from installing any other browser.
However, when you first start you will be asked if you need to additional settings to connect to the TOR network. In the vast majority of cases, it will be enough to simply click on the “Connect” button:
It will take some time for the browser to successfully connect to the Tor network:
After this, a window will open in a browser that looks normal at first glance, but works with the Internet by creating encrypted tunnels (analogues).
However, the developers themselves emphasize that Thor is not a panacea(at least with default settings). Therefore, those who are paranoid about absolute anonymity are advised to follow the link for clarification on this matter.
How to use the Tor browser?
When you first load the browser, you are immediately prompted use anonymizer to search at disconnect.me. Actually, it is this service that will be used as “ ” in this browser (you can change this in the settings), i.e. when entering a request for again open tabs browser or when you enter it through the address bar on any tab, the disconnect.me anonymizer will open with search results.
The search is actually carried out by Google (you can select from the settings in the top panel of the service - see the screenshot below), but no traces of who exactly conducted the search remain (remember, I wrote about the fact that, but in fact, nothing can be permanently deleted , so those who are concerned about anonymity need to remember this).
Don't forget also select search language(in the top panel of the disconnect.me window on the right), because thanks to the anonymizer, Google will not be able to recognize your preferred language automatically. Although, by choosing, for example, Russian, you to some extent lift the veil of secrecy about your incognito for this search engine. But here you need to make a compromise - either convenience, .
Yes, the Tor browser will also warn you when you first click on the link that it is better to load pages in English, to avoid, so to speak.
Personally, I chose the “No” option, because convenience is more important to me, and I don’t speak any other languages besides Russian. Alas and ah.
By the way, you can check it yourself that you have indeed been “encrypted”. To do this, it will be enough to go to the site from any other browser, and then do the same from under Thor. As you can see, TOR replaces (I became a sultry Norwegian) and this is only a small part of protecting your anonymity.
By the way, if you click on the onion to the left of the address bar, you will be able to see the same chain of three nodes (proxy) that separates your computer from the site you are visiting (I wrote about onion routing just above):
If desired, this chain of nodes can be changed. You can also change your “browser-created personality” if you don’t like the current one. However, this will close all open tabs in Tor and it will be automatically reloaded.
Here you can also access security settings:
By default, all privacy settings (anonymity are enabled), but the security level is at the lowest level due to the fact that only in this case you all functions of this browser will be available. If you set the security settings of the Tor browser to “high”, a whole bunch of browser functions will be available only after you force them to be activated (i.e., everything is disabled by default). For me this is overkill, so I left everything as it was, but you can choose something in the middle (compromise).
Otherwise Tor Browser is similar to Mozilla Firefox , because it is essentially assembled on its basis. This will be clearly visible when you go to settings (by clicking on the button with three horizontal lines in the right top corner):
Good luck to you! See you soon on the pages of the blog site
You might be interested
Incognito - what is it and how to enable incognito mode in Yandex browser and Google Chrome 
Search and browsing history in Yandex - how to open and view it, and, if necessary, clear or delete it How to do home page Yandex or Google home page, as well as any page (for example, this) set as home 
How to install WhatsApp on a computer - PC version and using whatsapp Web online(via web browser) How to install Google Chrome, Yandex Browser, Opera, Mazila and Internet Explorer on your computer for free
The program is free software that makes it easier to anonymously communicate and browse the Internet. It is a reliable Internet browsing tool that comes in the form of a browser. The following are tips for maintaining security and privacy when using your browser: Tor.
Privacy and security when using Tor
If you want to remain anonymous when using the Internet, then Tor at least as good as the best private sites VPN that you can name. But you must remember that Tor- is not VPN, is a proxy that protects traffic passing through it. This is explained in detail in complete guide by use Tor.
On my own Tor cannot guarantee your security and privacy. You need to understand the best practices and tips for using this browser to achieve maximum security and benefits of using it.
These tips include:
1. Don't use personal information
2. Update your system regularly
3. Don't use Tor to search Google
4. Disable Java, JavaScript and Flash
5. Don't use Torrent or P2P networks
6. Delete cookies and other data regularly
7. Don't use HTTP sites
We are not talking now about what Tor- this is the most best tool when it comes to online privacy. But if you use it correctly, it becomes a very powerful tool.
Do's and Don'ts of Using Tor
When used correctly, Tor is a wonderful tool. Many people associate it with the dark web and illegal activities. But this view only reflects a small part of the user base. Tor.
For other applications Tor relate:
- Business activity
— Publication of anonymous messages, data or information
— Warnings (think WikiLeaks)
If you decide to start using Tor, then make sure you follow the tips above, detailed below.
1. Don't use personal information
One of the reasons many people fail is mixing their personal information with business-related activities. Tor. This includes using or sharing your personal email addresses. Email, use of the same login names, use of debit or credit cards, not using an anonymous identity, and much more.
If you apply Tor That's right, create an anonymous identity and use it. Use based on Tor or temporary email services, and pay with anonymous cryptocurrency. Temporary postal services can be used where you don't need permanent mailing address. After some time, the temporary email address will be deleted.
2. Update your system regularly
Browser Tor as safe as safe operating system, in which it is executed. After all, it is software. If your OS is outdated, third parties or organizations can exploit loopholes in it to bypass the protection Tor and damage or use your data.
If a potential attacker is able to determine which OS you use then Tor will not be able to protect you. As for the operating system, using Windows is hardly a good idea. This is due to the inherent internet security bugs and vulnerabilities it has.
If it can't be avoided using Windows, then make sure you update it regularly - here you can take advantage of automatic updates.
3. Don't use Tor to search Google
System Google collects and stores information such as search queries. Google also stores cookies on your computer to track your browsing habits. For people particularly concerned about the security of their information, use of Google in the browser Tor.
From others search engines for use with Tor can be called DuckDuckGo And StartPage . They do not monitor or log, save queries, or store any information on their servers or on your device.
4. Disable Java, JavaScript and Flash
Use in Tor active content carries great risks. Tools such as Adobe Flash , QuickTime , ActiveX , Java And JavaScript can only work thanks to your privileges account. Thanks to this, they can access your private data.
The most dangerous system is JavaScript . It is a widely used browser programming language that allows you to ignore settings proxy and monitor from Web-sites. In addition, these tools can store cookies and other data from the browser Tor, which are difficult to detect and remove. Disabling them completely will provide slightly more high level privacy and security.
5. Don't use Torrent or P2P networks
Browser Tor not intended for file sharing over such networks P2P, How Torrent . Network architecture Tor configured to completely block file sharing traffic, and use P2P V Tor– this is not only risky in itself, it is also a risk to your privacy and anonymity.
Clients like BitTorrent not inherently protected. When used in Tor, they will send your IP-address to other network nodes, and it is impossible to stop it.
6. Delete cookies and other data regularly
Although Tor routes your traffic through multiple nodes, preventing traffic analysis that may still be used to track your online activity cookies and other scripts. With sufficient quantity cookies or key bits of data, they can be pieced together to determine your identity.
Using Tor, clean regularly cookies and local site data, or use add-ons that do this automatically.
7. Don't use HTTP sites
Data coming from Web-sites according to the protocol HTTP, and transmitted by them, are not encrypted. Browser Tor only encrypts traffic within its network, so using sites HTTP leaves you vulnerable to prying eyes, even if your traffic passes through additional nodes.
Visiting sites with protocol HTTPS, using end-to-end encryption such as TLS And SSL, completely safe. With sites HTTPS all your data is safe, even outside the ecosystem Tor.
Browser Tor It's only as safe as you make it.
This browser is one of the best available tools to protect against third-party unauthorized viewing of your data.
Although it is not perfect, and has inherent vulnerabilities and weaknesses, it is possible to protect against them by strictly adhering to best methods protection and using the tips above.
It doesn't matter what you use it for Tor, the anonymity of your actions is your main concern. Anonymity on the Internet is not easy to achieve, especially since we live in a data-driven world.
We continue to cover the topic of anonymity and security on the Internet, and following the article “Setting up Tor Browser” we publish a translation of recommendations from torproject.org and Whonix. Following these guidelines will prevent you from making many dangerous mistakes when using Tor technology. Be sure to pay attention to our notes on the translation, they are hidden under the plus signs in square brackets.
Want Tor to actually work?
You'll have to change some of your habits because Tor works differently than most users are familiar with.
Use Tor Browser
Tor does not protect all Internet traffic from your computer - only the traffic of applications that are properly configured to work through it. In order to avoid problems with setting up Tor, we kindly ask you to use the Tor Browser, which is pre-configured to protect your anonymity and privacy on the Internet We would like to note that this is an overly optimistic statement. The problems of anonymity and privacy when using Tor Browser are discussed in detail in the material “Setting up Tor Browser”. Methods for solving them are also given there. . Almost any other internet browser configuration will likely be unsafe to use through Tor.
Don't torrent via Tor
Torrent file sharing apps sometimes ignore proxy settings and make direct connections even though they are configured to use Tor. Even if your torrent application connects to the network exclusively through Tor, it will still be forced to periodically send your machine's real IP address in a GET request, simply because that's how torrent technology works. By using Tor to share files via torrent, you not only de-anonymize your torrent traffic and any other concurrent traffic from your machine, but also slow down the Tor network for everyone else on it.
Do not enable or install browser extensions
Tor Browser automatically blocks browser plugins like Flash, RealPlayer, Quicktime, and others, since they can be tricked into revealing your real IP address. We also do not recommend installing any other browser plugins or extensions in Tor Browser because they may bypass Tor or otherwise compromise your anonymity and privacy.
Use HTTPS versions of sites
Tor encrypts transmitted data within the Tor network, but encryption to the final destination site depends on the settings of that site. To provide an encrypted connection to sites, Tor Browser includes an HTTPS Everywhere feature, which forces large sites that support HTTPS to use it. Despite this, you should still be vigilant and see if the connection to sites you want to provide important information to is encrypted using HTTPS: the address bar should contain a blue or green bar, the https:// prefix and the correct site name.
This is what the address bar should look like for an HTTPS site
Details of the interaction between Tor and HTTPS can be read on a special EFF page.
Do not open documents downloaded via Tor while online
Tor Browser issues a warning before opening a document processed by an external application. DO NOT IGNORE THIS WARNING. You need to be extremely careful when downloading documents through Tor, especially DOCs or PDFs, unless you use the Tor Browser's built-in PDF viewer to read them. These documents may contain links to resources on the Internet that will be downloaded by the application that opens them, not through Tor, which will automatically reveal your real IP address. If you have to work with DOC and PDF files, we strongly recommend using a computer disconnected from the network for these purposes, or virtual machine, which has the network disabled, or a special Tails operating system. Torrenting through Tor, however, is never safe.
Use a bridge connection or find teammates
Tor aims to prevent a potential observer from understanding what sites on the Internet you are accessing. However, by default it does not mask the fact that you are using it from someone who might be spying on your outgoing traffic. If this is important to you, Tor can be configured to use a bridged connection instead of connecting directly to the Tor network. But in the end, best protection here - mass character. The more people using Tor near you, and the more varied their activities through it, the less likely you will be to be identified. So it's in your best interest to convince other people to use Tor!
What NOT worth doing using Tor
Don't see what your personal website looks like from anonymous mode
It is best to avoid visiting your personal websites that use your real name or an alias associated with a non-anonymous IP address or connection. Think about it - how many people visit your personal website per day? 90% of all Tor users, or just you and maybe a small handful of other people? Such visits greatly weaken your anonymity. Once you have visited your site, the entire chain of Tor connections is compromised. The exit node can register that someone has visited your site, and if this site is not very popular, you can easily guess that “someone” is you. You can then assume that subsequent connections using the same exit node also belong to you.
Don't go into your personal account on social networks. It doesn't matter whether it's registered under your real name or a pseudonym - if you use it, it means you've probably added people as friends who know who actually owns this account. Facebook, for example, can determine your identity through analysis of your social connections.
Anonymity tools do not work “by magic.” The software can hide your location, i.e. IP address, but Facebook doesn't need them. It already knows who you are, who your friends are, what private messages and who you write to, and so on. All this information is stored in Facebook archives, and no software can get it from there delete - only the administration of Facebook itself or hackers.
So if you log into your personal Facebook account, you are only hiding your location - but you are not anonymous.
Quote from "To Include or Not to Include: The End of Torbutton":
Do not log into any accounts that you have ever not used via Tor
When visiting sites on the Internet, always default to the fact that they record your IP address, the time of visit and all your actions.
It is also worth assuming by default that your Internet provider measures your time on the network, the addresses issued to you, and possibly traffic. It can also record which addresses you visited, and how much data you received from where and where. And most often this is true. In Russia, all providers are connected to SORM, in the USA to CALEA. . It can even record exactly what you sent or received Do not confuse recording the fact of data transfer and recording the data itself. The fact of data transfer is recorded without fail by all Russian providers; the record includes the amount of data transferred, time of transfer, IP address of the destination source (that is, yours and the server on the Internet). The data itself Bye not recorded, that is, the provider does not record the contents of the pages you open, chat conversations, downloaded music and video files, etc. But this is exactly what our authorities are trying to force providers to do by accepting the “Yarovaya package”. , unless, of course, it was encrypted.
With websites and providers storing all this information, you don't need to be Sherlock Holmes to put two and two together.
If you screw up just once and go somewhere you used to go via Tor from an address that can be linked to you, that entire account can be considered compromised.
Do not log into your bank account, payment systems and other important places, except in special cases
Using Tor to visit bank and payment system accounts that are registered in your name puts those accounts at risk of being blocked automatic systems security for “suspicious activity.” This happens because hackers sometimes use Tor for fraudulent activities.
It is still not anonymous - for the reasons already stated above. This is, at most, pseudonymity, and allows you to bypass restrictions in cases where the provider blocks access to the site, as well as hide your location. The difference between anonymity and pseudonymity is discussed in more detail later in the text.
In most cases, you will be able to contact support and have your account unlocked, or even request that your account's security settings be relaxed.
While the Whonix developers are not against using Tor to bypass blocks and hide your location, you still need to be aware of the risk of temporary account suspension. But if you know what you're doing, go ahead.
Don't alternate between Tor and public WiFi
You might think that public WiFi is faster and as secure as Tor because its IP address has nothing to do with your name, right?
It's better to use Tor AND public WiFi, but not public WiFi OR Tor.
The approximate location of any IP address can be determined down to a city, district, or even street. Even if you have moved further away from home, you still give away your city or approximate place of residence, since most people do not often move from one continent to another.
You don't know who administers this public hotspot or the rules they set. They may keep records of your MAC address that will link you to activities you have conducted through their network.
While using public WiFi does not technically violate your anonymity, it does sharply narrow the pool of suspects from around the world, continent or country to one specific area. This is detrimental to anonymity. It is necessary to give out as little information about yourself as possible.
Don't use Tor over Tor
This issue is specific to Whonix. Using the transparent proxy that comes with Whonix, you can start a Tor session from both the client and the transparent proxy, thus creating a connection “to Tor through Tor.”
This can happen if you install Tor on a Whonix workstation or use the Tor Browser without first configuring it to use SocksPort instead of TransPort (this is covered in more detail in another article).
This situation leads to uncertain and potentially dangerous behavior. In theory, you can achieve six links in the chain of connections instead of the usual three. But no one guarantees that these will be different links: you can get the same nodes, but in reverse order or mixed up. Whether it is safe or not is unknown, since this issue was not discussed by the Tor developers.
While you can choose your own entry or exit node this way, the best results are achieved when you leave the route selection to Tor Another overly optimistic statement. In our practice, there were cases when Tor Browser laid a chain in which there was the same entry country and exit country, and even when all three nodes of the chain were located within the same country. Why this is bad, and how to avoid such a situation is described in the article. . Choosing an entry or exit node yourself can damage your anonymity in unpredictable ways. Because of this, using Tor via Tor is discouraged From our point of view, this warning sounds extremely unconvincing, however, if you have little understanding of how Tor works and are not sure what you are doing, then it may be better to listen to him. .
Do not send important data unencrypted
Weekend Tor nodes can eavesdrop on traffic passing through them, and Tor is not immune to other types of man-in-the-middle attacks. The only way to deliver sensitive information from sender to recipient without it falling into the hands of third parties is to use two-way encryption.
Do not disclose information that could help identify you
Deanonymization can be achieved not only by tracking IP addresses and connections, but also through purely social means. Here are some tips on how to avoid de-anonymization, compiled by Anonymous:
If you must disclose information that could help identify you, it should be treated as important information from the previous paragraph. We also recommend reading the “Special Skills” section of the “Take a Step” material.
Use bridging if you think Tor is suspicious
If you feel that it is dangerous to use Tor in your country, or that using Tor may bring suspicion upon you, use bridging connections, even if Tor is not formally blocked in your country. If the intelligence services have taken a close look at you, this will not help.
Don't use the same nicknames for a long time
The longer you use the same pseudonym, the higher the likelihood of a mistake becoming, which will reveal your identity and allow interested parties to then piece together all your activities. As a precaution, you should regularly create new identities and stop using old ones.
Don't use different aliases at the same time
It's easy to draw parallels here. Whonix is unable to magically separate your aliases from each other. Of course, this applies not only to Whonix, but also to any other anonymization software, including Tor Browser and Tails.
Don't be on Twitter, Facebook, Google, etc. longer than necessary
The time you spend on social networking accounts and other services should be limited to the time you use them. After you have finished doing what you were going to do - at a minimum, log out of your account, close Tor Browser, change the connection chain and wait a couple of seconds for a new one to be installed.
This is necessary because many sites contain integration buttons such as “Like” and “Tweet this,” as well as Google Analytics, AdSense and other modules. These buttons inform their service that you have visited this site if you access it without logging out of your account. We reveal this topic in more detail.
Also pay attention to the previous point about the fact that you should not use different pseudonyms at the same time.
Do not mix different anonymity modes!
It's better to start with brief description what anonymity modes are in general:
Mode 1: The user is anonymous, the recipient is any
Situation: anonymous post, comment or message.
The user remains anonymous.
The real IP address is hidden.
Location hidden.
Mode 2: User knows the recipient, both use Tor
Situation: both the sender and the recipient know each other and use Tor.
They can send messages to each other without a third party knowing about it.
The user is NOT anonymous.
The real IP address is hidden.
Location hidden.
Mode 3: The user uses Tor non-anonymously, the recipient is any
Situation: a person logs in using his real account social network, mail and so on.
He is, of course, not anonymous. Once you log into an account registered under your real name, anonymity is lost. Tor can't help in such cases.
The real IP address is hidden.
Location hidden.
Mode 4: The user is not anonymous, the recipient is any
Situation: normal Internet use without Tor.
The user is NOT anonymous.
The real IP address is known.
The location is known.
Conclusions:
You should not combine modes 1 and 2. For example, if you have mail account, which you use in mode 1, you should not use the same account in mode 2. We explained above why this can pose a threat.
You should also not mix two or more anonymity modes during the same Tor session, as they may have the same exit node, which would allow an observer to establish a connection between these actions.
Other combinations of anonymity modes may also pose a threat and lead to the leakage of information that could identify you or determine your location.
Don't change settings if you don't understand their consequences.
It is generally safe to change anything in the user interface settings of applications that are not connected to the Internet. Nothing will happen to your anonymity if you hide any menu bar or turn off tooltips.
Review the Whonix documentation to see if it provides recommendations for the settings that interest you. Try to get along with the default settings.
Any changes to network-related applications, even if they are just interface changes, must be carefully reviewed. For example, it is not recommended to remove the menu bar or use full screen mode in Tor Browser - this resizes the screen, which creates more opportunities to create a unique "network fingerprint". More details have been written about this.
Network settings should only be touched if you know what you're doing, and very, very carefully. You should stay away from any advice on “tuning Firefox”. If the default settings seem less than optimal, you should contact the developers to make these changes in the next release of Tor Browser. Unfortunately, in reality everything is completely different. The Tor Browser bug tracker has many problems related to data leakage and privacy violations that have not been fixed for years. Read more about this.
Do not use regular Internet and Tor at the same time
If you use Tor Browser and a regular browser at the same time, there is a chance that sooner or later you will enter the wrong window and accidentally de-anonymize yourself.
Using the regular Internet and Tor at the same time also increases the risk that you will simultaneously connect to the same server through anonymous and non-anonymous connections, which is highly discouraged. Why exactly is explained further in the text. It is difficult to accurately determine whether you are visiting the same page anonymously and non-anonymously at the same time because address bar browser, you see only one address that you typed, and not all loaded in background resources. Many sites use the same thing cloud service. Services like Google Analytics run on most websites and are thus capable of recording a variety of anonymous and non-anonymous connections.
If you really need to use the anonymous and non-anonymous network at the same time, at least use two different desktops to avoid confusing browsers.
Do not establish anonymous and non-anonymous connections to the same server at the same time!
It is highly recommended not to connect to any remote server in this manner. Do not create both a regular connection and a Tor connection to the same machine. If your Internet connection is interrupted (and it will happen sooner or later), all your connections will be severed simultaneously, and it will be easy for an outside observer to associate an anonymous connection with a real one, which could potentially give you away right away. The site itself can carry out a “time attack”, slowing down or increasing the speed of one or another connection in order to determine whether there is any connection between them.
Don't confuse anonymity and pseudonymity
This section focuses on the difference between anonymity and pseudonymity. Definitions of terms always prove to be a complex and controversial topic because they require the agreement of the majority of the people who use them.
An anonymous connection is a connection to a remote server in which the destination server has no way to determine the source (IP address or location) of this connection, or associate it with any identifier.
An pseudonymous connection is a connection to a remote server in which the destination server is not able to identify the source (IP address or location) of this connection, but can associate it with an identifier.
In an ideal world, the Tor network, Tor Browser, as well as the operating system, hardware, etc., work perfectly. For example, a user can visit a news site, and neither the site administration nor its Internet provider has any information about whether this user has ever accessed this site before.
The opposite of this is when the software is used incorrectly, for example if regular Firefox is used with Tor instead of the Tor Browser. The location and IP address of the connection are still hidden, but the connection itself can be pseudonymous using a cookie identifier. The destination site, for example, may store information like “a user with such and such a number watched such and such a video at such and such a time on such and such a date.” This information may be used to create a profile. Over time, such profiles become more and more complete, which reduces anonymity and, in the worst case scenario, can lead to de-anonymization.
Once someone logs into a website using a user account, that connection, by definition, ceases to be anonymous and becomes pseudonymous. The connection source is still hidden, but the connection can be associated with an identifier, in in this case- with the name of the user account (account). Identifiers can be used to track many things: which user wrote what when, dates and times of entry and exit from the site, who the user wrote to, what IP address he had (in the case of Tor, this will be the address of the exit node, and for the observer will be useless), as well as the “fingerprint” of his browser, and much more.
However, the developer of Liberté Linux has a different opinion on this matter, which the author would not like to hide from readers, and therefore gives below:
I have never come across a convincing argument in favor of anonymity rather than pseudonymity. Tor developers are building anonymity to justify their own funding and publish scientific works about this theme. Most users need to be pseudonymous and hide their location. Having a unique browser fingerprint does not reveal a user's location unless that user is using that browser for non-pseudonymous activity. And vice versa, good result Browser fingerprint anonymity checks aren't worth much because there are many other ways to get client information, such as using Javasrcipt.
Let's say you created an anonymous blog or hidden service in Tor. Congratulations. Let's say you have a Twitter account with a lot of followers, or a frequently visited page on the Internet. Under no circumstances should you give in to the temptation and be one of the first to spread news about your anonymous project in regular network. The more separate your public and private identities are from each other, the better. Of course, sooner or later you may “naturally” come across this link and host it, but you should be very careful.
Did someone email you a pdf, or give you a link to the pdf? This could be a trap and the pdf is processed in such a way as to infect your system. Don't open anything with tools that are designed for this by default. For example, don't open pdf program to view pdf. If the content is publicly available, use free program to read pdf online.
Don't use mobile phone confirmations
Sites like Google, Facebook, etc. They often ask for a mobile phone number if you access them via Tor in order to verify your identity via SMS message. This should not be done, unless of course you have a special tricky way bypass.
The number you give them will be recorded. His SIM card is most likely registered in your name. Even if this is not the case, receiving an SMS gives away your location. Even if you buy an anonymous SIM card in transit and receive the message after driving away from your home, the phone itself remains. Every time when mobile phone registers online, service provider cellular communication records the SIM card serial number AND the hardware serial number of the phone. If you anonymously bought a SIM card, but not the phone itself, the call or message will still not be anonymous, because these two serial numbers can be linked together. If you really need to confirm something via SMS, you need to move away from home, have a fresh, anonymous phone and SIM card, and when finished, immediately turn off the phone and burn it along with the SIM card.
You can try to find a service that will receive SMS for you. This will work and you will remain anonymous. The problem is that this method probably won't work for Google and Facebook because they actively blacklist such numbers. If you simply ask someone else to accept this SMS, this will only transfer the risk of detection from you to that person.
Why is this text needed?
This text may run the risk of seeming like a list of extremely obvious things. But obvious to whom? Developers, hackers, administrators, and so on, to whom the above things seem “for granted.” These categories of people tend to lose touch with real, inexperienced users. Therefore, sometimes it is very informative to read feedback from people who do not sit on forums and do not participate in specialized mailing lists.
For example, once again a quote from “To Include or Not to Include: The End of Torbutton” so that the reader does not think that the author has pulled this problem out of thin air:
Mike, am I completely anonymous when I log into my Facebook account? I have Firefox 3.6 with NoScript on a Windows 7 machine. Thanks in advance.