Home > Privacy > Tor – Anonymity Guaranteed?

Tor – Anonymity Guaranteed?

If you use Tor, your anonymity could be at risk from simple browser scripting tricks.
If you don’t already know, Tor is the name given to a set of software tools that route your internet traffic through relays to disguise your origin IP address.

Tor employs cryptography in a multi-layered manner, ensuring perfect forward secrecy between routers.

Read the Wikipedia Reference – They define it better than me.

Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online.

Read about Tor direct from the Tor Project website

You need the Tor software and some brains to set it all up; there is a one click activate Tor Add-On for Firefox which I highly recommend. (The Firefox browser, IMHO, is better than IE because it auto-updates. )

Now, If you’re a Tor user, head on over to the Metasploit Decloaking Engine to see if your browser can be tricked into revealing your true identity.
My configuration is Firefox 3.6, TorButton 1.2.4 and an old Tor software bundle; with Tor activated I am presented with 2 popup messages.

Metasploit Tor De-Anonymiser

Metasploit Tor De-Anonymiser

If you launch the application, your true IP is revealed to the remote server.
With Tor disabled, alarmingly, iTunes and Word automatically opened on my PC, no warnings, no polite requests.

Understanding what Tor can and cannot do is the best way to maintain your anonymity.

Advertisements
Categories: Privacy Tags: , ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: