By now I'm sure you've all heard the various horror stories about how your web browsing activities are being spied upon and stored. This has included government agencies, web site trackers, and possibly even your ISP. Recent stories in the news have confirmed that the FBI has been involved in tracking users' web browsing activities, and that they have even gone so far as to install malware on some systems in order to enhance their tracking ability.
For the most part, however, this has been limited to those that engage in illegal activities, such as child pornography, and at least one child pornography ring has been busted by using the malware installed by the FBI. It's important to note that the malware was installed only because the default administrator password was not changed, thus giving total access to the system in question.
So, how can you protect yourself from this tracking and storing of your web browsing, and how can you attempt to be anonymous as well? One easy way to do this is to use the Tor (The Onion Router) network in conjunction with the Tor Browser Bundle, which I will refer to as TBB from now on. The TBB is free open-source software, available for Windows, Mac, Linux and Android, that you can download from here. The TBB is based upon the Firefox browser, with specific privacy enhancements and add-ons. It is also available in source code format for those of you that want to compile it yourself.
Be sure to only download from the official Tor web site! A recent article, which you can read here, shows an attempt to trick users into thinking it's the real Tor web site, and because it's an exact duplicate of the Tor web site, except for two links, it's possible for it to show up in a search for Tor. Can you guess what will happen if you download and install the software from that site? You guessed it, congratulations, you've got malware!
The Tor network consists of thousands of volunteer nodes that handle all of the traffic going into and coming out of web sites. These nodes run a special version of Tor known as a relay. Running a relay of your own is encouraged, but you should probably check with your ISP before doing so. A relay node can be an entry or middle node, one that only transfers data to and from another node, or it can be an exit node, one that transfers data to and from a web site.
When you fire up the TBB, it gets a list of the active nodes from a special server known as a directory server. After that, three nodes are selected at random for use: an entry node, a middle node and an exit node. These nodes then serve as the route from your computer to the web site that you want to visit. As you can imagine, this would already make it difficult for anyone to track your browsing, but it doesn't stop there. Any data you send with a click of your mouse, a web site URL for example, is encrypted three times, one layer of encryption for each node. The entry node will obviously know where the data is coming from, but will not know what its ultimate destination is. The exit node, similar to the entry node, will obviously know the destination, but will not know where it originally came from or where it's intended to go back to, that being your computer. And finally, the middle node will not know either the origin or destination.
The end result is that a web site you visit will not know your real IP address. Also note that because of the three layers of encryption, no node can decrypt the data not intended for it. This is the method by which the entry node, for example, cannot decrypt the data intended for the exit node. It's really not as confusing as it sounds at first, and it certainly adds to the overall security and anonymity of TBB. Take a look at the diagram above and you'll get the idea.
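The three-layer wrapping described above can be sketched in a few lines of Python. This is an added example, not code from Tor or from the original article: the relay names and keys are constructed, and a toy SHA-256 stream cipher with an HMAC tag stands in for the real relay cryptography.

```python
import hashlib, hmac, json, secrets

def xor_stream(key, nonce, data):
    # Toy stream cipher (SHA-256 in counter mode); an assumption, NOT the cipher Tor uses.
    ks = b"".join(hashlib.sha256(b"enc" + key + nonce + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = xor_stream(key, nonce, plaintext)
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("this layer was not encrypted for this relay")
    return xor_stream(key, nonce, ct)

def build_onion(path, destination, request):
    # path = [(name, key)] in order entry, middle, exit; the exit layer is wrapped first.
    next_hops = [name for name, _ in path[1:]] + [destination]
    payload = request
    for (_, key), nxt in zip(reversed(path), reversed(next_hops)):
        payload = seal(key, json.dumps({"next": nxt, "data": payload.hex()}).encode())
    return payload

def relay_peel(key, blob):
    # A relay removes exactly one layer and learns only the next hop.
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, sender, blob):
    # Record what each relay can observe: (relay, previous hop, next hop).
    seen, prev = [], sender
    for name, key in path:
        nxt, blob = relay_peel(key, blob)
        seen.append((name, prev, nxt))
        prev = name
    return seen, blob

RELAYS = {f"relay-{c}": secrets.token_bytes(32) for c in "ABCDE"}  # constructed directory
def demo():
    names = secrets.SystemRandom().sample(sorted(RELAYS), 3)  # entry, middle, exit
    path = [(n, RELAYS[n]) for n in names]
    onion = build_onion(path, "example.com", b"GET / HTTP/1.1")
    return path, onion, route(path, "client", onion)

if __name__ == "__main__":
    print(*demo()[2][0], sep="\n")
```

Each printed tuple is one relay's view: only the entry relay sees `client`, only the exit relay sees `example.com`, and the middle relay sees neither.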
Now that you have an idea of how Tor works, let me give you a brief history of Tor and its current usage. Tor started out as a project of the US Naval Research Laboratory for the purpose of protecting sensitive government communications. Today, Tor is used by many people, including journalists, activists, law enforcement, and even the military. Sadly, it is also likely used by criminals, but that is the nature of the beast.
It might seem odd that the FBI has tried to infiltrate Tor while at the same time using it themselves, but that's a catch-22 that they have to deal with. Tor is also used by individuals whose ISP or government blocks their access to certain web sites for political or other reasons. Recent examples of this include Turkey blocking access to Twitter in March of this year and Iraq blocking access to Facebook, as well as the Tor web site, in June. These blockages inevitably lead to a spike in Tor usage, as well as mirrors of the Tor web site being set up, your typical cat and mouse game.
Once you have downloaded the TBB, it's a simple matter of installing it following the normal procedure for the operating system you are using. For Windows, you just double-click on the .exe file you downloaded and follow the simple on-screen instructions just like you would for any other program you might install. Once the installation is complete, you then double-click on the 'Start Tor Browser.exe' (you do remember where you installed it to, right?) and you will soon be greeted with a congratulations screen. If you're curious, you might want to click on the 'Test Tor Network Settings' on the congratulations screen. You might also want to right-click on the .exe file and then create a shortcut on your desktop, so you don't have to bother looking for the .exe file in the future.
Now that TBB is running, just surf the net like you would do normally, knowing that your browsing activity cannot be tracked or traced back to you. A few usage notes are in order here. You can run TBB and your normal web browser at the same time, even your regular Firefox if you like. One of the privacy features of TBB is that when you exit it, cookies, web browsing history and so on are not saved or stored on your computer. Keep this in mind if you need this info saved.
So far this all sounds great, but what are the downsides to using TBB? You likely will have issues with e-commerce sites and their security requirements, many of which block Tor exit nodes anyhow. Other web sites block Tor exit nodes too. For example, you likely will not be able to edit a Wikipedia article. Gmail will also make it difficult to create a new account via Tor, although if created without Tor it's usually not a problem to use it afterwards via Tor. While TBB has been designed and tested to resist tracking, in theory it's possible that a well-connected adversary, such as the NSA or FBI, could in fact track your web browsing usage. While extremely unlikely in my opinion, it's just something to consider. Normal web browsing precautions apply here as well, including having up-to-date anti-virus software.
Finally, no discussion of TBB would be complete without mentioning an alternative solution, that being Tails, which is a complete operating system with Tor already included in it. You can find out more about Tails at tails.boum.org.
Last but not least, here's what my recent Gmail activity looks like while using TBB. As you can plainly see, my real IP address is nowhere to be found, and I've certainly never been to Poland.