Tor 0.2.8.6 Is Released
The latest version of the Tor project was released this week, offering greater security and anonymity to individuals and organizations. Here's why you should care.
Once upon a time, worrying about government surveillance was a sure sign of paranoia. Unless you were building bombs or stealing secrets, the spies and spooks couldn't be bothered.
Today, governments can and do spy on all of us. Technology makes it possible—automated systems sift through our internet traffic, voice calls are monitored, and SMS messages are intercepted regularly. The cost of violating privacy has come down to the point where it isn't just viable—it's routine.
It's always been dangerous for citizens in oppressive regimes to speak out against their governments. Dictators have a bad track record for handling criticism. Today, there are countries where simply looking at information can lead to an arrest or worse.
Although it's easy to imagine such things happening overseas, the risk is much closer than you may think. Click on a link to the wrong website, and you're tagged. Search for ISIS news, and you're marked as a "radicalized menace". Send the bomb emoji once too often, and you've had it.
And if that wasn't enough, cyber-criminals also are getting in on the act. With so much private information passing through our devices, they make a juicy target.
Security and privacy are fundamental rights, and without them, life is pretty harsh. So it's in all our interests to protect them.
Which brings me back to Tor. While technology has increased the threat to many of our liberties, it also offers solutions. Tor is one such solution.
Tor circumvents many of the mechanisms that governments and others use to track your online actions. Normally, when you browse the web, your computer sends a steady stream of HTTP requests to your ISP and through multiple routers. These requests identify your machine and the server to which you're connecting. They are logged and can be monitored.
Now the content of the requests can be secure. If you visit a site with an https:// address, both sides will encrypt the information to protect your privacy. But the client and server still are visible in the request header.
For instance, if you posted some information to WikiLeaks, the content of that post would be encrypted. It would be safe from prying eyes, but those eyes would know that you posted something.
This information is visible as the request makes its way through the internet. Internet packets pass through many points before they reach their destination. That's how the internet works. Each step along the way is another point where data could be collected.
Tor offers a solution by hiding the source and destination under multiple layers of encryption. It uses its own decentralized network to forward requests and responses so they remain private.
And even if one of the Tor nodes is compromised, the sender and recipient still are protected. The entire message is encrypted so that only the last node in the circuit can read it. The layers of encryption are like the layers of the onion, and that's why it's referred to as onion routing.
Tor is essential for people in oppressed countries, organizations transferring sensitive data and journalists. But it isn't perfect. Cyber-criminals and intelligence agencies constantly are looking for exploits and weaknesses. That's why it's essential that the Tor developers keep working on the project to patch the holes and improve the performance.
The latest release contains more than 300 individual fixes and improvements—it's the result of months of work. The bootstrapping process has been overhauled for faster performance. The security keys for relays are stronger. And the code is now more thoroughly tested than before. The Tor team also has collaborated with Debian developers to offer better protection to their users.
If you want to read more about the changes that have gone into this new version, check out the changelog.
Limited Time Offer
Take Linux Journal for a test drive. Download our September issue for FREE.
Topic of the Week
The cloud has become synonymous with all things data storage. It additionally equates to the many web-centric services accessing that same back-end data storage, but the term also has evolved to mean so much more.