The FREE Tor networking software is so secure that even the NSA says it cannot break it. (See my earlier article at http://goo.gl/Y43zS3 for details.) I have been using the Tor Browser Bundle for more than two years now and can report that it works well. I suspect the Tor Browser Bundle is one of the best security tools available today. Probably it is THE best. Even better, Tor is super easy to set up and use.
TOR is an abbreviation for “The Onion Router.” It is called an “onion router” because of the multiple layers of security your data goes through. It is open source software. That means that the source code is available for review by anyone who cares to look at it. Indeed, Tor has been reviewed by security experts from all over the world, unlike software that is secretly created inside one company and never validated by anyone outside the one company. None of these experts have ever found any “backdoor” or other security loopholes in Tor. Even better, if anyone does find a security problem with the software in the future, a new version to fix the problem will be released within a few days, again at no charge.
Another reason for confidence with Tor is the fact that it was developed at the request of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications from online snoops of any nationality. Today, Tor is used every day for a wide variety of purposes by individuals, the military, journalists, law enforcement officers, activists, drug dealers, drug law enforcement officers, military-grade weapons dealers, terrorists, foreign governments, and many others.
Tor reportedly is used by the U.S. military and by the FBI although proof of that is difficult to find. However, it is easier to find proof that Tor is being used daily by other law enforcement agencies, as well as by political activists in many countries where governments are spying on its citizens, such as in China, Iran, Syria, and the United States of America. Journalists, businesses, and individuals who wish to communicate in chat rooms and web forums for rape and abuse survivors all use Tor to maintain privacy. So do drug dealers, arms dealers, and other criminals. The Tor project at https://www.torproject.org/about/overview.html.en also states that “A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement agencies use Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.”
Anyone who wishes to keep their communications private should be using encrypted networking, such as that offered by Tor. I admit to being a bit phobic about online security. I also travel a lot and don’t trust public wi-fi networks in airports, hotels, and elsewhere. In fact, I am even a bit leery of the broadband Internet connection installed in my home. The in-home network is probably safer to use than most public wi-fi networks but nothing is ever perfect. In theory, someone might be intercepting my communications for nefarious purposes. (“Can you spell NSA?”)
The “Tor Browser Bundle” actually is a collection of several software packages. The two that are important for this discussion are the Tor network software and the Tor Web Browser, a modified version of the Firefox web browser. The “Tor Browser Bundle” is available for Windows, Macintosh, and Linux.
The Tor software encrypts each and every byte of information I send or receive on the Internet, keeping my information away from prying eyes in the next hotel room or on the wi-fi network I am using at the moment or even from professional spies in remote locations. It can do the same for you.
With Tor, there is no software to install in the normal method of installing other programs. Simply download the required software for Windows, Macintosh, or Linux. Then click on one icon and an encrypted, secure connection starts and then launches a super-secure web browser. When finished, click on another icon to delete the encrypted connection or simply power off the computer. No “tracks” are left behind. The next user of that computer will not have any access to your information, not even in the browser’s “cache files” the way normal web browsers can store your secrets. There is nothing to install or uninstall.
In fact, you can even use this method on a borrowed computer, such as a friend’s system or at work or at school or when using a public access computer at a local library or Internet cafe. All you need is a flash drive or a CD-ROM disk with the proper software installed; insert that flash drive or CD into the borrowed computer, and run the program from the flash drive or CD-ROM disk.
Of course, nothing is ever perfect. While the Tor Browser Bundle does increase security dramatically, it does so at the expense of several other “nice to have” factors:
Tor Slows the Network Connection Significantly
Tor encrypts and relays each network connection through multiple computers around the world. Each relay induces a small amount of delay. Since Tor relays through numerous computers, the delay quickly adds up. In my use on a Macintosh with a 3.06 gigahertz Intel Core 2 Duo processor and 8 gigabytes of memory, connected to a 40 megabit-per-second fibre optic connection to the Internet, the delays were noticeable but not intrusive. Use of Tor on a slower computer and especially on a slower network connection might be significant.
TorBrowser Blocks Flash and Some Other Products
Java and Flash products can share information about you across sites and, more importantly, they know your real IP address and can communicate this back to their home server. The TorBrowser’s default settings block such software. You can change that default setting, if you wish, but doing so obviously increases the chance of security problems.
Your Internet Provider Might Block Tor Connections
Tor network connections are blocked by some Internet providers, including most Internet providers in China, Iran, and Syria. A few providers in the USA do the same. I recently discovered that the Internet connection on a cruise ship also blocked Tor connections.
Some Web Sites Block Access by Tor Connections
Because Tor is sometimes used for illegally downloading files and for other illegal purposes, a few web sites will block connections by the Tor protocol. When I tried to connect to Netflix.com, a message appeared stating, “Sorry, Netflix is not available in your country yet.” Indeed, my connection to Netflix probably was being relayed by one or more computers outside the United States. While using Tor to research information about Tor, Google frequently popped up CAPTCHA challenges asking me to enter a certain word on a page that states, “Our systems have detected unusual traffic from your computer network. This page checks to see if it’s really you sending the requests, and not a robot.”
Tor Only Blocks Network Snooping
Tor provides anonymity but does not provide end to end encryption so any message that is sent in the clear (i.e. unencrypted) is visible to all after it leaves the Tor network. Gmail provides an encrypted email service but Yahoo Mail, Hotmail, AOL, and many other email services do not. Hackers possibly can access your private email messages when stored on one of those servers. Yahoo Mail and AOL Mail are both notorious for hackers stealing information from stored email messages. If you care about the privacy of your information, you should never use AOL Mail or Yahoo Mail. For ultimate security, use an encrypted mail service. If you need to use a normal (unencrypted) email service, you still can protect the text of the message using a product like the free GnuPG (aka GPG) program. However, I find GnuPG to be confusing to use.
Security is Believed to be Excellent, But Nothing is ever Perfect
A bug was found in Tor a few years ago and was quickly fixed. This particular bug only affected those using the Firefox browser on Tor, not the TorBrowser. Details may be found at https://blog.Torproject.org/blog/Tor-security-advisory-old-Tor-browser-bundles-vulnerable. Even though this bug was quickly fixed, there remains a possibility that future security problems may arise in Tor. Of course, the same is true for every other security product. For absolute security, don’t use the Internet or any form of written communications.
You Might Attract “Extra Attention” from the NSA
In theory, the NSA is supposed to only spy on non-U.S. communications. However, Tor hides locations. Numerous news reports suggest that the NSA ignores this “restriction.” In addition, the NSA cannot determine the location of anyone using Tor. As detailed in a leaked document signed by Attorney General Eric Holder (see http://www.theguardian.com/world/interactive/2013/jun/20/exhibit-a-procedures-nsa-document), the NSA identifies people using anonymity software like Tor as foreign nationals by default. These users “will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person’s communications give rise to a reasonable belief that such person is a United States person.” If it’s eventually confirmed that the person of interest is in fact an American citizen, however, the records reportedly are destroyed.
Tor appears to be much more secure than any other product available today for use on the Internet. I trust Tor and TorBrowser more than I trust any other products. I use Tor every day when traveling and connecting to the Internet from public wi-fi and other networks. I also use Tor at home when sending credit card numbers and other sensitive information online.
I will suggest that anyone who wishes to keep their communications private should be using encrypted networking, such as that offered by Tor.
The Tor Browser Bundle is available free of charge at https://www.torproject.org/projects/torbrowser.html.en.
You can read about more uses of Tor at https://www.torproject.org/about/torusers.html.en.