Loading
Tor Browser Bundle-Tor Goes Portable
I've never covered a subproject of something I've reviewed before, but I noticed this a few weeks ago when trawling the Tor site (I've no idea how I missed it until now). It seemed so important that I instantly gave it top billing for this month's column.
Tor has become increasingly famous/infamous in the past few months due to its use by Web sites like WikiLeaks, as well as its crucial role in getting information out to the world during the recent Egyptian revolution.
For those unfamiliar with Tor, LJ has covered it before—see Kyle Rankin's article "Browse the Web without a Trace" in the January 2008 issue and my New Projects column in the April 2010 issue. But to recap, the Tor Web site sums it up nicely:
The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites that are blocked.
However, in standard form, Tor is a rather cumbersome beast, with all sorts of background process dæmons, complex configuration files, startup services and so on. Even if you're a pretty advanced user, there's still a good chance of something going wrong somewhere, delaying your chance to jump on-line securely. This is where the Tor Browser Bundle comes to the rescue:
The Tor Browser Bundle lets you use Tor on Windows, Mac OS X or Linux without needing to install any software. It can run off a USB Flash drive, comes with a pre-configured Web browser and is self-contained. The Tor IM Browser Bundle additionally allows instant messaging and chat over Tor.
Before I continue, the Web site offers a caveat that LJ readers probably will find more important than most: "Note that the Firefox in our bundles is modified from the default Firefox; we're currently working with Mozilla to see if they want us to change the name to make this clearer".
Extending your options greatly, the Vidalia Control Panel is a great tool when using Tor.
If you get this message in big green letters, Tor's running fine!
The default no-script settings can send some Web sites haywire!
Installation
Although the bundle was designed to run on a Flash drive, that needn't be the case. Like many others, I simply saved this to hard drive and ran it from there. Feel free to do the same if you're so inclined.
As for installing the bundle (well, sort of), the Tor people were good enough to offer the following instructions, saving me a lot of trouble:
Download the architecture-appropriate file above, save it somewhere, then run:
tar -xvzf tor-browser-gnu-linux--dev-LANG.tar.gz(where LANG is the language listed in the filename), and either double-click on the directory orcdinto it, then execute the start-tor-browser script. This launches Vidalia, and once that connects to Tor, it launches Firefox.
Usage
Before continuing, this bundle is designed to run on machines that don't have Tor installed. If you do have Tor installed and running, stop the process and then you can carry on.
Now, with the Browser Bundle running, first the Vidalia control panel will start, which is designed to establish a Tor connection as well as manage various Tor options using a GUI front end. I recommend exploring the Vidalia control panel, as it has neat features, such as bandwidth monitoring, network viewer, settings dialog and more.
Provided all has gone well, Firefox should start and will try to load a Web page. This Web page takes a while to load—don't worry; the Tor network is pretty slow at the best of times, and if everything worked, you'll soon have a message that says in big green letters: "Congratulations. Your browser is configured to use Tor."
From here, you can browse like you would any other day, but the uninitiated may be in for a shock. Most modern Web sites have fancy scripts and Flash objects, and these very features are what causes the greatest security holes. Hence, Tor's browser disables these scripts by default. Chances are that the only Web sites that will work without hassle are deliberately minimalist in their design.
However, don't worry. If you look at the screen's bottom right, you'll see an icon with a blue S. Click on that icon, and you can choose either to enable scripts for this particular Web site or enable scripts globally (not recommended for the security reasons just mentioned).
Those willing to take the risk can choose new default settings for security in the preferences, available under Edit→Preferences. Given the nature of this project, the default settings are understandably set for paranoia. If you're undertaking work that involves a serious security risk, be very careful with what you enable or disable. If you're unsure of the risk you're taking, perhaps a more secure, minimalist and less-script-reliant Web service would be a better choice for your activities (assuming an alternative is available, of course).
Something I couldn't get working under the Linux version was Flash in general. My older brother said he used Tor to watch some overseas TV shows not available in Australia and inaccessible to those with IP addresses external to a certain country. He was using the Windows version of Tor, and I'm guessing that he would've used the Browser Bundle, instead of setting up a machine with Tor permanently installed. The content he was viewing was Flash-based, so he must have been able to enable it for such a session.
I realize that Flash presents a security risk, but many people will want to use the Tor Browser Bundle for something as trivial as watching international TV shows—not really the sort of thing that will have the authorities kicking down your front door. If any readers out there know how to get Flash running with the Linux bundle, feel free to drop me an e-mail. I'd love to hear from you!
Moving back onto more serious topics, in journalism in particular, projects such as Tor will become increasingly indispensable in moving information beyond borders and protecting user privacy against prying eyes. When I last tried Tor, it gave me a headache and was far from intuitive in its use. However, a clever little bundle such as this gives Tor's power of anonymity to those with average PC skills, and regardless of its use, that's an important thing.
Read more: https://www.torproject.org/projects/torbrowser.html.en
______________________
John Knight is the New Projects columnist for Linux Journal.
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- Validate an E-Mail Address with PHP, the Right Way
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- New Products
- A Topic for Discussion - Open Source Feature-Richness?
- New Products
- The Pari Package On Linux
- What's the tweeting protocol?
- Trying to Tame the Tablet
- This is the easiest tutorial
1 hour 10 min ago - Ahh, the Koolaid.
6 hours 48 min ago - git-annex assistant
12 hours 48 min ago - direct cable connection
13 hours 10 min ago - Agreed on AirDroid. With my
13 hours 21 min ago - I just learned this
13 hours 25 min ago - enterprise
13 hours 55 min ago - not living upto the mobile revolution
16 hours 46 min ago - Deceptive Advertising and
17 hours 22 min ago - Let\'s declare that you have
17 hours 23 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
Developer Poll
Comments
Tor FF flash and addons
Instead of enabling flash (and thus disabling Tor's security), install a FF addon such as downloadhelper or netvideohunter. Even though the video will not play, these addons may detect the video and allow you to download it.
Other ideas for the Tor FF: install the following addons (if any of these compromise Tor's security, please say).
Adblock Plus
BetterPrivacy
CookieKiller
Ghostery
QuickJava
Redirect Cleaner
Installation is easy
Thanks for the installation introduction, It seems this is not difficult.
What?
You know, I always appreciate new product/services reviews. I 've heard about TOR
before, and frankly, what good is it if you can't Flash? While I find it refreshing
for the honesty by John Knight, my question is this. I'd want to get TOR for...??
I believe you can watch
I believe you can watch YouTube/Flash by enabling the "dynamic contents" in the tor configuration :-) however this is highly not recommended as enabling these / plugins may lead to revealing of your identity.
If you want Flash, you don't
If you want Flash, you don't want security (see the reply to my last post). My wanting to use it with Flash entirely compromises it from a security point of view, but would have made a convenient way of getting international streaming sites.
Tor is not for everyday browsing - it's too slow for starters - it's designed for things like sending emails or accessing websites in countries where certain topics or content is politically sensitive and can get you thrown in jail or killed. Think journalists, aid workers, and so on.
John Knight is the New Projects columnist for Linux Journal.
Flash plugin
Try grabbing the flash plugin from an working install of Firefox and copying it to the USB mozilla copy. The bundled browser probably doesn't have the Flash plugin installed to the USB and doesn't know to look for it elsewhere.
First thing I tried (despite
First thing I tried (despite the awful effect on security). :( My main reason for trying this combo was simply as a handy way of watching tv shows in foreign countries, where the location check stops you if you're an outsider (Hulu for instance, a lot of BBC content...).
John Knight is the New Projects columnist for Linux Journal.
A little trick
I also use Tor for viewing iplayer movies. (Think Doctor Who on release day.) I use the browser bundle, but leave flash uninstalled. I also use Tor for other purposes, so don't want to compromise the security. My trick? Tor is setup as a socks5 proxy, so I copy the proxy settings found in the portable firefox version into chrome, and it works wonderfully.
Some caveats. Chrome uses the internet explorer settings in Windows, so these changes affect all programs that use that, re: any Microsoft programs such as WMP. Under Mac, were I use it the most, this is not an issue.
Also, to target specific countries, you must target servers in those countries by editing the torrc file.
I am realizing my solution has not saved me much time, as I now use two separate installs of Tor, one with default security, and one with the changes.
Anyway, hope that helps.
Don't use flash with tor.
Flash is the quickest way to compromise the anonoymity/deniability which tor gives you. Don't use it in the tor browser.
It keeps its own version of cookies, and is likely to subvert the proxy, especially if you don't you haven't modified the underlying computer to block all unproxied traffic.
lets its detect as mobile websites
Just an idea to use firefox plugin thats will change its to be detect as browsing from mobile device and serve mobile minimal design websites thats support it.