122

How much can I depend on Tor for anonymity? Is it completely secure? My usage is limited to accessing Twitter and Wordpress.

I am a political activist from India and I do not enjoy the freedom of press like the Western countries do. In the event my identity is compromised, the outcome can be fatal.

Anders
  • 65,052
  • 24
  • 180
  • 218
Freedom
  • 1,255
  • 2
  • 9
  • 4
  • 28
    Not really an answer, but note that Tor only grants *anonymity*, whereas any information you send out (including your password) will be freely exposed. – AviD Dec 09 '10 at 15:49
  • 21
    Just an (obvious) comment: Be very vigilant about using SSL (HTTPS) through Tor. Twitter fx has an optional account setting to always use SSL, which you should use. Also consider browser plugins such as EFF's "HTTPS Everywhere", and manually enter URLs into the Address Bar with the HTTPS:// prefix. –  Jul 17 '11 at 09:40
  • Have a look to this article: https://blog.torproject.org/blog/plaintext-over-tor-still-plaintext – AdventN Jun 26 '12 at 11:19
  • I think if you have javascript enabled in tor, it can use some code to reveal your ip address.
    is this true?
    –  Jan 19 '13 at 15:37
  • 6
    https://www.eff.org/pages/tor-and-https – sterz Sep 03 '13 at 20:38
  • 3
    I would suggest using Tor through a VPN too, so that your ISP which may be state controlled, can't see you're using it. – deed02392 Mar 19 '14 at 14:02
  • 3
    http://www.counterpunch.org/2014/07/18/the-nsa-wants-you-to-trust-tor-should-you/ – TecBrat Jul 21 '14 at 14:44
  • I would trust it as much as any other government sponsored and government initiated software program. – Fiasco Labs Apr 08 '16 at 04:01
  • 1
    @TecBrat To put it very kindly, the counterpunch article is garbage, as pretty much all their articles about technology (esp. nuclear, pesticides, etc.). – curiousguy Dec 23 '16 at 14:32
  • @curiousguy I've become more careful of my news sources over the years. I have no reason to defend counterpunch, and doubt should be the default state of any "News" we read. – TecBrat Dec 26 '16 at 15:36
  • You can tell someone to use windows without an antivirus/internet security yet you tell him to use TOR to protect his identity. what if you got a spyware ? Also using applications like torrent apps will certainly expose your IP regardless of whether you're using Tor or not. – Moh Mar 19 '14 at 12:40
  • @FiascoLabs It is no more government sponsored and initiated than your Logitech computer mouse, which came from DARPA. The Navy came up with the concept of _onion routing_, however no Navy employees work on Tor and the source code is entirely under control of the Tor Project. – forest Feb 24 '18 at 03:53

5 Answers5

81

Tor is better for you than it is for people in countries whose intelligence services run lots of Tor exit nodes and sniff the traffic. However, all you should assume when using Tor is that, if someone's not doing heavy statistical traffic analysis, they can't directly correlate your IP with the IP requesting resources at the server.

That leaves many, many methods of compromising your identity still open. For instance, if you check your normal email while using Tor, the bad guys can know that that address is correlated with other Tor activity. If, as @Geek said, your computer is infected with malware, that malware can broadcast your identity outside the Tor tunnel. If you even hit a webpage with an XSS or CSRF flaw, any other web services you're logged into could have their credentials stolen.

Bottom line, Tor is better than nothing; but if your life is on the line, use a well-secured computer for accessing Twitter and WordPress using it, and don't use that computer for anything else.

Jamal
  • 148
  • 1
  • 8
user502
  • 3,301
  • 1
  • 23
  • 18
  • 1
    Thank you. For my part I use Linux even though I am not good at it. – Freedom Dec 09 '10 at 15:27
  • What does "broadcast your identity outside the TOR tunnel" actually mean? – Pacerier Jul 17 '12 at 20:32
  • 13
    @Pacerier "Hi, I'm , I live at
    ."
    – Polynomial Aug 22 '12 at 11:56
  • @Pacerier For example, a remote access trojan on the system would both be aware of Tor running and possibly a direct route to the Internet. It could expose all this information in its C&C server traffic. Generally these aren't state-controlled but Snowden releases make it feasible enough, you ought not bet your life on it. – deed02392 Mar 19 '14 at 14:02
  • 1
    What about TAILS? – KnightOfNi Jul 01 '14 at 23:40
  • 1
    Tor is casual anonymity if used without additional measures against leaking of data into the internet. Even if you use the Tor browser bundle, you will expose a lot of "noise". Especially if used on commercial operating systems which rely on cloud based services, submitting telemetry and frequently sync data. Tails is a very convenient way to make it harder for some parties to identify you. But it most likely won't help against gov. attacks. If you want to work anonymous, anything which can communicate to the outer world must be disabled and physical access to the computer must restricted. – Axel Mar 09 '17 at 22:53
  • 1
    If you want to go one step further you should consider that usage of such tools may make you suspicious. And this shouldn't be underestimated. If used with your own ISP, the ISP may and can detect that you are using TOR. Beside all other decisions, you should be aware that security is not convenient and that you have to change the way you use technology and services. A static mail address? Forget it! Carry a phone while wanting to surf the internet? Forget it! Use the same internet access point more than once? Forget it! Use you "anonymous" device for all day work and games? Forget it! – Axel Mar 09 '17 at 23:06
  • 1
    The best you can do is to use something like "Disconnect" Linux on a computer with technically disabled ports (except one USB for data exchange), technically disabled network connectivity (Bluetooth, Wifi, GPS, 3G, LAN) and removed hard drive. You should also be very strict with physical access to this machine. Especially do never use foreign USB sticks, leave it unattended or let others play with it - even not, if they are your friends. – Axel Mar 09 '17 at 23:09
  • 1
    But even if you want to do this steps: Be aware that download webpages may be forged and compromised. Governmental players may fake certificates and may be able to play man in the middle while accessing and downloading. Even signature / hash verification may fail in this case. So you should consider verifying using the pgp web of trust to get more safety that you receive an untampered ISO image. – Axel Mar 09 '17 at 23:11
41

2013 calling

I think this question deserves a new answer after what we know now. Given the financial sources of the Tor project and what we learned about the NSA inserting backdoors (e.g. see here) casts a shadow on the trustworthiness of the project.

From the annual report for last year (linked above):

excerpt from the fiscal report of the Tor project for 2012

However, keep in mind that the US government claims they want to enable all kinds of people around the globe to communicate unencumbered by local national censorship. You yourself probably fall into that category. It does of course not preclude eavesdropping on them, but it would give a motivation for financing the project other than the potential darker intentions one could think of in light of the recent leaks concerning global surveillance.

Also, this recent publication ("Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries") about how identifiable users puts a big question mark on the usefulness of Tor w.r.t. anonymity. Apparently that's a big concern of yours.

I don't know what resources the Indian government (assuming that's your "adversary") has available, but it's certainly a factor to be considered.

All that said, I think that in combination with other measures such as re-mailers, encryption, VPN and so on, you can probably evade successfully for some, possibly even a very long time. So Tor will be useful as one thread in a safety net. But be aware that this thread may turn out inefficient, so don't let it be the only type of thread in your safety net.

0xC0000022L
  • 1,603
  • 2
  • 15
  • 20
  • 3
    This is a really bad conspiratorial answer essentially calling out finances and claiming it affects the security of an open source tool, especially when you mention an unrelated NSA program. Then you link to a single (of many) research papers that only work in a lab environment, i.e. without the natural jitter and latency of the real world. – forest Feb 24 '18 at 03:47
  • @forest yes, the NSA eavesdropping on the world was also a merely conspiracy theory until one whistle blower decided to blow the whistle. And that despite there being predecessors to Snowden for various, well let's say _questionable_ actions by three-letter agencies. What I wrote is that it _casts a shadow_ on the trustworthiness but that there may be no ulterior motives other than enabling communication of dissidents. Let me guess, the [Dual_EC_DRBG](https://en.wikipedia.org/wiki/Dual_EC_DRBG) is presumably also merely a conspiracy. – 0xC0000022L Jun 09 '20 at 14:30
  • True, _had I framed it the way you frame my answer_, that would be bad and conspiratorial. But I gave perspective and I stand by my answer. As long as you compound your usage of Tor with other security measures, it's a valuable tool. When the question would have been about SHA-1 instead of Tor, would the mentioning of a single research paper showing how to considerably decrease the work needed for a successful preimaging attack make this a less relevant study? Don't think so. Security is always as strong as its weakest link. And so these things should be considered. – 0xC0000022L Jun 09 '20 at 14:36
35

You would also need to be careful of the fact that your ISP is in a position to see that 'your IP address' is using Tor, even though it can't tell what you're using Tor for. If conditions are so hostile that you could be brought under suspicion simply for appearing to be clandestine, then you should take care to use Tor everwhere except on an Internet connection which can be strongly associated with you.

David Bullock
  • 542
  • 4
  • 9
  • 1
    You can use an obfuscated bridge to hide that fact from your ISP. That is what they are for. – forest Feb 24 '18 at 03:51
23

It does give you considerably more protection than browsing directly. There are some identified weaknesses which offer potential routes to attack your computer, however these can be mitigated using normal protection on your machine (ie patch/av up to date, run as unprivileged user etc) but the only real weakness in terms of compromising privacy seems to be the following:

  • Given enough nodes, an organisation could make reasonable estimates as to the identity of an individual by tracking the behaviour on various websites. I think it is reasonable to assume that 3-letter agencies in the US have this capability, but I wouldn't want to guess about others.

In summary - you don't have a huge amount of options, so TOR is probably what I would recommend, but you could provide extra protection by connecting from different locations, and avoiding accessing twitter and wordpress in the same session? (unless of course the two are supposed to be linked?)

Rory Alsop
  • 61,474
  • 12
  • 117
  • 321
5

You can not say Tor can solve all your problems. There can be many ways to compromise your identity, let us say you have a worm in your system? Since you accept you are a political activist there would be so many people ready to exploit your computer.

forest
  • 65,613
  • 20
  • 208
  • 262
Geek
  • 399
  • 1
  • 2
  • 8
  • 1
    I use Linux and the laptop I use for my work is completely isolated. – Freedom Dec 09 '10 at 15:28
  • 5
    Using Linux is not, of course, a solution to malware on your system. Isolation is, of course. – AviD Dec 09 '10 at 15:46
  • 1
    Very interesting. Which OS Suse, Redhat, Fedora, Ubuntu ? Do you think they don't have vulnerabilities ? – Geek Dec 09 '10 at 16:04
  • 4
    I'm by no means advanced in security, but, while may be better than your average Win-dows box, "Linux" (which one?) does _not_ equals "safe". There are OSes that try harder to be "secure at default", ie. http://www.openbsd.org/security.html – n611x007 Oct 22 '12 at 18:59