Configuring the Tor network with TorK

Using TorK

The TorK user interface has four tabs. In the Anonymize tab, launch Tor by clicking on the green onion icon (Figure 1). If you use Firefox, launch the browser by clicking its icon: Firefox will now route connections via Tor. The first time you launch Firefox, it copies its settings to a new profile and reconfigures the profile to use Tor. This makes it possible to run Firefox and Tor separately; the settings and bookmarks cannot be exchanged.

If you prefer to surf the web with Konqueror, click on the icon for the KDE browser to route all future connections via Tor. By clicking the icon or closing TorK, you revert to normal use.

Also, you can launch the Pidgin instant messaging program and the Ksirc IRC client by clicking the corresponding icons. Anonymous use of the Jabber, ICQ, and MSN protocols worked in our lab, although chatting on IRC didn't always work because many IRC servers block the Tor network.

If you have installed the Mixminion anomymous mailer, you can click the mail icon to send anonymous email messages. Mixminion is very security conscious and requires you to change the permissions for both the .mixminion folder and the .mixminionrc file to avoid third parties reading them. If necessary, type chmod 700 .mixminion and chmod 600 .mixminionrc to set the permissions after the first launch.

After taking this hurdle, using Mixminion is simple: Write the email normally and send it – Mixminion automatically picks up a list of servers and sends your message.

Incognito

The Incognito [3] Live CD, which is not part of the TorK project itself, conveniently launches TorK on any computer, including a computer in an Internet café. The easiest approach to getting TorK up and running is to use the Incognito Live CD. The 350MB ISO image [3] is only available for the x86 CPU architecture right now. Hardware detection worked fine in our lab.

On booting, Incognito gives you the option of changing the MAC address (Figure 2). If possible, you should accept this offer because it adds another layer of anonymity for your hardware. Changing the MAC address could cause problems on some networks, especially if a DHCP server is used to assign IP addresses on the basis of MAC addresses.

If you can't access the Internet after starting the Live CD, boot again – without changing the MAC address this time. In our lab, a bug bit the Live CD on some systems: Although X server would launch, it would not display. In this case, press Ctrl+Alt+F7 to toggle the screen or enter chvt 7 at the prompt.

When you shut down the system, Incognito ejects the Live CD and then proceeds to overwrite the RAM content, which contains a complete image of the operating system, including the websites you accessed. Theoretically, an attacker might be able to recover this data. In fact, recent research reveals that the RAM chips could be frozen with ice spray after powering off, giving a forensics expert the ability to reconstruct the data some time later [4]. If you are not worried about this, you can just switch off your PC as soon as the Incognito CD is ejected.

File Sharing

The idea of sharing files via Tor might sound intriguing, and the Live CD does include KTorrent, but file sharing is not what Tor is about. Because of low data transfer speeds, file sharing doesn't make much sense.

Door to Tor

Normally, Tor will select nodes itself, but if you want to influence the selection, the Tor Network tab lets you do so (Figure 3). The left-hand column shows you a list of all available nodes. To filter the nodes, you can use the Servers menu in the TorK toolbar – filter options include Fast and Stable.

The Connections section of the window takes you to a list of current connections running via Tor. TorK shows you the chain of three nodes used for each connection.

The exit node, whose IP address the recipient gets to see, is marked by the flag for its country of residence. If you want the exit node to be in a specific country, you can choose Citizen Of… in the toolbar. However, Tor servers are not available in all countries.

If you prefer, you can select all three nodes, rather than just the exit node. To do so, drag and drop the nodes into the Circuits window. It typically takes a couple of seconds for Tor to establish a connection to the node, and for the node to appear in the list. Also note that the third node in your chain must be an exit node; that is, it must display the word "Exit" in its Tor icon.

By default, Tor will automatically choose a chain of available nodes for each connection. If you want to specify a chain for each connection, right-click the Connections field and select Let me Drag Connections to Circuits myself. Tor will wait until you have manually dragged and dropped three nodes to set up a working chain. By right-clicking and selecting Attach Connections to Circuits automatically, you reset this behavior.

The Tor Log tab takes you to error messages and warnings. The Traffic Log tab stores the outgoing Tor connections for the current session and, as a cross-reference, the connections that did not use Tor.

Conclusions

Although Tor encrypts the traffic between individual nodes, the connection from the exit node to the target is unencrypted. An observer at the exit node can therefore read all your passwords if they cross the wire in cleartext. If possible, you should use an encrypted protocol such as SSL/TLS.

Infos

  1. The Tor network: http://www.torproject.org/
  2. TorK: http://tork.sf.net
  3. Incognito: http://www.anonymityanywhere.com
  4. "Cold Boot Attacks on Encryption Keys": http://citp.princeton.edu/memory/
  5. Mixminion: http://mixminion.net

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Tor and Privoxy

    Internet users typically reveal their IP addresses, and this lets companies compile a profile of your Internet activities. Tor and Privoxy can help protect your privacy.

  • Anonymity on the Tor Network

    The Tor project supports a formidable collection of tools for protecting your privacy on the Internet. We'll give you some background on Tor and help you get started with the Tor Browser.

  • Node-RED on Android

    We show you how to control devices connected to Rasp Pi GPIO pins with text messages from an Android phone.

  • Freenet

    The Free Network Project provides a safe environment for free speech – even for users who fear censorship.

  • Anonymous Email

    Anonymous remail protects the sender’s identity against potential eavesdroppers. The Mixmaster protocol gives users a mature technology for anonymous remail, and the text-based Mixmaster client is an example of a free remailer application.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News