Monday, February 6, 2012

TOR on Tiger

(UPDATE: This post is outdated. Please see this post for more current information.)

Well, it's been an eventful last few weeks on the internet with the shutdown of Megaupload, as well as news that Twitter will censor tweets, the FBI is seeking social network monitoring software, and some university student may be extradited from the UK to the US for hosting links on his website.

With all this going on, I thought it might be a good time to try out TOR, the open source privacy software that anonymises your internet activity from prying governments or anyone else. You may have already heard of it as a way to get around the Great Firewall of China. The bad news for us PowerPC users is the browser bundle TOR offers, a specialized version of Firefox bundled with other utilities that you just start up and run, is Intel only. The good news is they offer a "Vidalia Bundle" without the browser (you configure your preexisting browser) that works on PPC and Tiger here. If you're insane you can also compile it.

Vidalia is the name of the GUI utility to set up TOR on your computer, and it's pretty straightforward. The only glitch I saw was there's no dock icon like they said there'd be, only a menubar icon. Maybe a Tiger bug. The only difficult thing in setup was knowing which proxy settings to change in your web browser, but thankfully that task was taken up by the suitably named with the simplest and easiest explanation you'll ever find (pictures, too!). (OUTDATED: go here instead.) You can also look here to find instructions on how to set your proxy system wide. Then it's a matter of going to their test page (alternate test page here) and seeing if you're now anonymous.

I thought performance was pretty good. I'd heard the TOR network was slow as a snail, but that wasn't my experience. Web surfing was a little sluggish, but not too much. Now, it's important to note here that the TOR network does have its limitations. It wasn't made for filesharing, so using it to download torrents is considered a douche move that only slows the network for others. If you want to download TV shows or whatever anonymously, use torrents with a VPN or get a usenet account with SSL support, but let's leave TOR to non-filesharing activities like leaking sensitive documents, mmkay?

On a semi-related note, there's a program out in the wild called Reaver that uses a WPS vulnerability in your wireless router to snatch your WPA and WPA2 passwords. This is not a privacy enhancing program. The solution is to disable WPS in your router, but on many if not all Linksys and Cisco routers, you can't do it. And Netgear users report problems, too. So ultimately you'll have to replace your manufacturer's firmware with open source firmware like DD-WRT which doesn't support WPS.

That was mildly depressing.

UPDATE: TOR developers have reported a previously unknown security vulnerability that could expose your IP address if you use websocket connections in Firefox. They've updated their browser bundles with a bugfix, but not the Vidalia bundle for PPC. I couldn't figure out if the bug applies to just the browser bundle users or to all others who are using external browsers (puzzlingly, TOR has no support forums), so I guess the safest thing is to disable websockets in TenFourFox by changing network.websocket.enabled to false in about:config and restarting TenFourFox.
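To confirm the about:config change actually stuck, here is an added example (not from the original post or the Tor project) that audits a Firefox-style prefs.js for the websocket setting above and for the browser-level manual proxy setup. The sample prefs, the SOCKS address 127.0.0.1:9050, and the remote-DNS check are assumptions that go beyond what the post covers; a system-wide proxy setup is not checked.

```python
import re

# One user_pref("name", value); line, as found in prefs.js / user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample: proxy configured, websockets still enabled.
SAMPLE = '''// constructed sample, not a real profile
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.websocket.enabled", true);
'''
# Constructed sample with the post's mitigation and remote DNS applied.
FIXED = SAMPLE.replace('enabled", true', 'enabled", false') + \
    'user_pref("network.proxy.socks_remote_dns", true);\n'

def parse_prefs(text):
    """Return {pref name: value}, decoding booleans, integers and strings."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs):
    """List settings that could let traffic bypass the proxy."""
    findings = []
    # Assumption: a pref missing from the file is treated as still enabled.
    if prefs.get("network.websocket.enabled", True):
        findings.append("network.websocket.enabled is not false")
    if prefs.get("network.proxy.type", 0) != 1:
        findings.append("network.proxy.type is not 1 (manual proxy)")
    # With a SOCKS proxy, DNS lookups stay local unless remote DNS is on.
    if prefs.get("network.proxy.socks") and not prefs.get(
            "network.proxy.socks_remote_dns", False):
        findings.append("network.proxy.socks_remote_dns is not true")
    return findings

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("fixed", FIXED)):
        print(label, audit(parse_prefs(text)) or "OK")
```

Point parse_prefs at the contents of the prefs.js in your browser profile (with the browser closed) to run the same check on a real configuration.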


  1. I had no idea all of this was going on. Is it legal? That they can simply use network monitoring software to follow people's messages and things like that? I think that would be against some kind of law.

  2. This is a very informative site. I also want to share my experience. Now everyone can access blocked sites using this link
    access via proxy