Code for DC CryptoParty Agenda | January 7, 2019
Tor Around the World
Bring your phone, tablet, computer, or pen/paper to follow along!
Code for DC CryptoParty Ethos
Privacy is a fundamental human right. It is recognized in many countries to be as central to individual human dignity and social values as Freedom of Association and Freedom of Speech. Privacy is where we draw the line on how far a society can intrude into our personal lives. It is user-defined and varies between individuals. You are the steward of your identity. You are the only person who has the right to disclose your personal story.
Today will be a workshop session. You can participate without an Internet device, but having one will allow you to implement these security practices while we're here to help. This agenda has been adapted from WIRED magazine's privacy guide for public figures, an article on VPN mentor, a Hongkiat blog post, and the Tor project website.
We will cover what Tor is, how it works, tips for using it, and how not to use it. For those of you who are interested in trying it out, we'll get it running on your machine and practice safely exploring the dark web together.
What is Tor?
Tor or "the onion router," obfuscates your IP address and makes you more anonymous on the Internet. Tor was originally developed by the U.S. Navy to protect government communications during intelligence operations. Here's how it works:
- Tor encrypts your traffic in at least three different layers (onion analogy)
- Your traffic is relayed through a network of three volunteer computers (called "nodes"), chosen at random from a network of thousands.
- Each volunteer computer strips off one layer of encryption before relaying your traffic to the next volunteer computer- and ultimately to its destination.
This makes it very hard for your ISP, the volunteer computers, the destination websites, and anybody monitoring your web traffic to track it from origin to destination. You can use Tor to hide your physical location, which is excellent if you're, for example, researching information that might be considered taboo. Thanks to this technology we have:
- whistleblowing platforms that protect conscientious people from retaliation.
- untraceable messaging for activists, journalists, and public figures.
- when using Tor for regular web browsing, sites see your traffic as emerging from a random, untraceable point on the Internet that can't be associated with you.
- consider using an anonymity-compliant search engine like Startpage or DuckDuckGo instead of Google while on the Tor network.
What isn't Tor?
Tor is not a magical gateway to Internet invulnerability. While Tor is a great tool for helping make web traffic more anonymous, it does not necessarily secure the contents of the data itself. In order for Tor to be an effective anonymity tool, the user needs to refrain from using their real name, email address, and other personally identifiable information.
- Even though it might not know the origin, exit nodes can see all your data when the destination website doesn't use SSL. Many government entities run their own exit nodes. If you are completing a transaction (sending something, logging into something, paying for something) over Tor, make sure it's taking place over HTTPS and you trust the website.
- Tor is a traffic router, not a vehicle for encrypting traffic. 👆🏽 As mentioned above, this is why HTTPS is important.
- The Tor browser bundle has been vulnerable to attack in the past. Consider opting for a more robust browser, such as Brave with Tor integration as a feature.
The Dark Net
Tor also allows you to access websites that have not been indexed by search engines and do not have name records on DNS servers.
- Treat the dark web like the Internet in 1995.
Some interesting websites you can access on the dark net (but won't work on the normal Internet):
- Facebook: https://www.facebookcorewwwi.onion/
- ProPublica: https://www.propub3r6espa33w.onion/ <- these websites run their services on the Tor network, since they employ HTTPS, there is no need to trust an exit node.
- The Hidden Wiki: http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page <- does link to some things that are illegal in the United States
Let's take some time and play around with Tor. Install a Tor client like the official browser bundle or Brave. I personally like Brave more because it has additional features built-in, like blocking scripts, cookies, and trackers.
Want to lead a CryptoParty?
Is there a topic in digital security you're particularly interested in? Leading a CryptoParty is a great way to learn more about emerging cryptographic and security concepts. We are looking for folks with all kinds of backgrounds and interests to share their knowledge and interest. Talk to
@Ed O. on Slack if you're interested!