Categories: Guides

by peter

Share

A Guide to TOR. A while ago I wrote a blog post about why I use Tor in my daily life. It is used by many of the Hedgehog team in our Cybersecurity Consulting and our Penetration Testing engagements. I have since been asked how to set up Tor quite a lot.
First things first, Tor is NOT a tool to crime. Tor is a semi anonymous network for providing users with a level of privacy. Tor is an acronym, The Onion Router. It makes your web browsing significantly more private by layering encryption with your your data and routing it through multiple network nodes that act as intermediaries for your internet traffic. Any individual node only knows the previous and the next destination, so not even the entry node knows where you’re going online and the exit node has no idea who sent the data in the first place.
For more in depth information on how Tor actually works, you can read through the Tor Project documentation here.

A Guide to Tor – What is the Dark Web and how is it related to Tor?

Although similar to the deep web in theory, the dark web can be a bit trickier. It is intentionally a lot more obfuscated and requires special effort to access. This can involve needing to enter a password before accessing a page which seems pretty normal. Something a little more out there is requiring you to use a certain browser to open these pages. That browser is Tor.

How to use the Tor browser to access the dark web?

As weird as it sounds to us, you could be turned away from a website because of your browser. The dark web is hard to access because it includes a lot of crime, but it also has dark web versions of mainstream news sites. This allows people in oppressive states to access news in a manner that has not been tampered with and can be deemed reasonably secure.

So you can not only use Tor to access the dark web, but you can access the tradition web as well and your browsing will be encrypted. If you’re okay with a slower connection, you could use Tor every day. And if it’s not a compromise you’re willing to make, just remember to use Tor every time you visit a website you don’t want anyone in between to know you visited.

Guide to installing Tor

In the past, installing and then using Tor required technical skills and knowledge. Now, with the Tor Browser project, installing and using Tor is very easy. You simply start by installing the Tor browser project. Windows, OS X, Linux, and Android are all supported.

Guide to Tor

Once Tor installs, press Finish, and the browser will launch. Click Connect in the Tor Browser configuration window.

 

Click Connect in the Tor Browser configuration window.

Configure is for people who are using a proxy to access the internet. Wait for the browser to connect to the node network.

The first time you do this, you will experience a delay. Tor can take several minutes to establish that first connection. You are now ready to browse the Tor network!

The Tor Browser project is based on the same code as Firefox, so the interface will look familiar. However, if you’re not used to Firefox, no need to worry. It still functions similar to any other popular browser. Now that you know the basics, let’s delve deeper into the security of Tor.

Guide to Tor browser safety

There are 6 simple steps in this guide to Tor to ensuring that you use the Tor browser in a safe manner.

1. Set your security level

The Tor Browser comes with three layers of security. The settings are accessed by clicking the shield button next to the address bar and choosing Advanced Security Settings.

1. Set your security level
  • Standard is no different from operating any other browser.
  • Safer (recommended) disables JavaScript on insecure websites, blocks some math symbols and fonts, and prevents most audio and video from playing by default. This can mess with the functionality of some sites.
  • Safest cranks that up to 11, and only very basic websites work unimpeded.

We recommend using Safer or Safest mode. But experiment and see what level of usability you are comfortable with.

2. Check the other security settings

The Tor Browser uses a permanent private browsing mode. This means that history and website cookies get deleted every time you close the Tor Browser. When you start it up, it’s like using a new browser. We do not recommend changing this setting.

3. Change your browsing habits

Google tracks you. Facebook tracks you. Even Linkedin tracks you. Pretty much all websites these days is performing some element of user tracking, so be careful. Tor can not protect you if you use search engines that track your activity between sites. Do not use Google or Bing at all. Afterall, there’s no sense in using the Tor Browser if you’re just going to give away your data again. You should use search engines that don’t track you. Good luck in finding one. DuckDuckGo used to the be goto choice for privacy but that has recently been proven to be tracking people.

4. Try new circuits and identities

Like Virtual Private Networks (VPNs), Tor hides your real IP and makes your location private. The collection of nodes the Tor Browser uses to connect you to your online destination is called “a circuit.” If the website is working slowly or you want a new IP, click the shadowed window next to the website address. Here, you can request a new circuit – this will also reload the website.

A more powerful version of this is “new identity.” This will close all windows and tabs and restart the Tor Browser itself. If you’re on private browsing, it will be like starting up a new browser with a fresh new IP.

5. Use Tor over a VPN

There are three reasons why you would want to use a VPN together with the Tor browser:

  1. VPN encryption hides what you’re doing online – including using the Tor Browser, as some ISPs and governments are suspicious of it.
  2. A VPN hides your IP in case the entry node is compromised.
  3. The Tor Project does not recommend using advertisement blocking extensions on the grounds of privacy but many of the reputable VPN service providers block ads at source.

You’re using the Tor Browser because you want to be private online – and using a VPN compensates for some of Tor’s weaknesses.

6. Make sure your security measures are up to date

If you’re going to use the Tor Browser to access deep web sites, you better make sure that you’re as protected as possible. This means always updating your device’s OS, having a working firewall, and a reliable antivirus system.

How to use the Tor browser to access the deep web?

Once you have the Tor Browser running, it is possible to access “dark web / deep web” sites, as long as you know the .onion address. Herein lays the problem/beauty of Tor, these addresses are not listed anywhere. You simply have to know the address. You can not search for it.

Is it illegal to use Tor?

No, it’s not illegal to use Tor or the Tor Browser within the UK and Europe. It is illegal is countries that do not permit free speech and enjoy monitoring their citizens. Places like China, Korea and pretty much all of the middle east.

Tor is popular with people like whistleblowers and journalists. At Hedgehog, we routinely assist journalists is setting up their Tor environments to maintain complete secrecy in their article submissions to the office. Various governments may be interested in their users, and it does not guarantee total privacy or anonymity.

Tor network: bring privacy to your everyday life

Once you’ve learned how to use Tor from our guide to tor, it isn’t as intimidating as it can seem at first. Sure, it involves a few extra steps that you would avoid with a normal web browser, but it’s worth it for your privacy. Of course, the Tor network cannot keep you completely safe, which is why we recommend using a VPN as well.

Tor Bookmarks

  1. DuckDuckGo: https://3g2upl4pq6kufc4m.onion
  2. Tor Metrics: http://rougmnvswfsmd4dq.onion
  3. ProPublica: https://www.propub3r6espa33w.onion
  4. Ahmia: http://msydqstlz2kzerdg.onion
  5. Not Evil: http://hss3uro2hsxfogfq.onion/
  6. Riseup: http://nzh3fv6jc6jskki3.onion
  7. Hidden Answers: http://answerszuvs3gg2l64e, 6hmnryudl5zgrmwm3vh65hzszdgh, blddvfiqd.onion
  8. ZeroBin: http://zerobinqmdqd236y.onion
  9. Imperial Library: http://xfmro77i3lixucja.onion
  10. Comic Book Library: http://r6rfy5zlifbsiiym.onion
  11. Tunnels: http://62gs2n5ydnyffzfy.onion, http://74ypjqjwf6oejmax.onion
  12. 8chan: http://oxwugzccvk3dk6tj.onion/
Categories: Guides