Tor and the Deep Web E-Book

Tor & The Deep Web 2 in 1 Pack

Lance Henderson

Copyright

Copyright 2018 by Lance Henderson. All rights reserved. No part of this book may be used, reproduced, or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the written permission of the publisher, except where permitted by law, or in the case of brief quotations embodied in critical articles and reviews

Contents

Introduction

"If you want total security, go to prison. There you're fed, clothed, given medical care and so on. The only thing lacking ... is freedom" - Dwight Eisenhower

Friend,

My name is Lance and I am the author of this book on encryption security and anonymity. I have been an encryption enthusiast as well as writing about security in general for over a decade. I have been a member of many security and encryption forums since the 1980s, and have been involved with computer technology long before that (yeah I know that makes me an old geezer). But if there is a security or encryption program out there, I have used it and experienced its strengths and its shortcomings and (more than likely) attracted the attention of the authorities (more on that later).

I was there when PGP first arrived on the scene and when Napster was the dominant method of p2p trading. I have used most versions of PGP, Drivecrypt, Bestcrypt, Truecrypt, Tor, Freenet, I2P and every spinoff and copycat you can think of.

Let's face it. Today we are constantly bombarded with news by the media of those trawled, raided, arrested, imprisoned, tortured and humiliated because they weren’t necessarily breaking any law but because they did not know the difference between privacy and anonymity. I waited and waited for some smart hacker to put something up on Amazon to prevent this from happening.

Didn't happen.

So I decided it would be me. I stepped up to the plate pronto, though truth be told I had been meaning to put together some of the rudimentary elements of encryption security in such a way that a person without any knowledge of security encryption or anonymity could become familiar.

It is not a particularly advanced book, but rather a portal from which a beginner can step through with the assurance of anonymity when he is online. To that end I present a few tools (mostly free) at your disposal to accomplish this lofty goal. If you’re an advanced user, you just might learn some hidden vulnerabilities in your favorite anonymity program.

A PhD in computer science is not required to use encryption. Neither are you required to be a programmer of any sort. You only have to know your way around your operating system and be able to follow directions to the letter. If you know how to install an operating system, or for that matter, any application at all, then you can safely use encryption programs to preserve your own digital data and safety.

Privacy and Anonymity

If you’re like one of the many billions of people on the planet who use the internet to surf the net, check email, download programs or do any kind of online work, then you probably know there are risks associated with being a habitual internet user. That's just how it is. But it is not your fault that there are so many latent traps and pitfalls associated with online spelunking, in whatever form that may be.

It is just a fact of life that the Good lives alongside the Evil in our lives, offline or online. This book is meant as a beginner’s guide to distinguish between the Good and the Evil, and to conceal your online footprint. To be a ghost on the internet, that is our aim.

This book is not necessarily for the advanced, such as those who teach computer science courses, but rather it is for those who would like to learn to surf without compromising their identity, or having their online habits tracked 24/7, and who engage in some risky speech against their government once in a blue moon. It is also for those who might not know about some of the little known vulnerabilities in their favorite “anonymous” software programs. In the end, you just might learn there is a vast difference between “anonymity” and “privacy”.

Let’s start with the basics. I’ll just put this out there so you know the weight of the privacy situation entirely. As of 2014, you are always being tracked on the internet in just about every way you can imagine. Search engines, cookie managers, download managers and everything you do online has the potential to make someone, somewhere, a LOT of money. Most of the time, this is because laser-targeted advertising is extremely profitable. The more they know about your habits, the more money they make.

How?

Simple. If they know more about your fears, your likes and dislikes, and how and where you spend your money, they can deliver targeted advertising to you. Laser targeted advertising. That means more power for them, less for you. Now, advertising in and of itself is not such a bad thing, but neither is a loaded gun sitting on top of the fridge. By itself it can do nothing. However it is the method of execution that defines its usefulness.

If you type any medical search term into a major search engine such as Google, Yahoo, or Bing, soon enough you’ll start to see targeted ads. If you search for “how to cure a hangover”, you might not see anything right away, since hangovers generally don’t last that long. However if you were to type “how to cure herpes”, you will likely be typing variations of that sentence over the course of a few weeks or months since it is not an easy condition to treat. Eventually you would see pay-per-click ads start to manifest themselves in your search engine results in the top corners. These ads might be selling all manner of snake-oil remedies for the cure to herpes, or they might be referrals to medical specialists.

The bottom line is this: why do they think you have this disease? The answer is because you repeatedly typed it into the search engine over the course of days/months. Over the course of a year, how much do you reveal about your medical history and identity to your favorite search engine? Do you ever wish you could keep this information private?

They like to “bubble” your identity based on how you search: the time between searches, the time of day, your country, your area. With the help of a very specific item in your internet portfolio called an IP address, they can even find out where you live, who your ISP is, and chart a course right to your very doorstep. With the help of Google Maps, and a whole plethora of other mapping applications, this can potentially lead to some very annoying and/or embarrassing situations. Do you think this information would be valuable to door-to-door salesmen? Or perhaps a company that sends out mailed advertisements? Of course.

But first things first, let’s briefly say a word about the difference between privacy and anonymity since many would-be geeks confuse the two. They are not the same thing. Not by a long shot.

While we shouldn’t waste time splitting hairs here, it is probably a good idea to distinguish between the terms “privacy” and “anonymity”. The two terms are not really as interchangeable as you think. Let’s say that you have Firefox running, and you are working from home with a direct connection to your ISP. You don’t want anyone knowing what you’re doing, so you select the “private mode” tab in Firefox. This disables cookies and inhibits the ability to store any remembered websites (unless you choose to do so).

However this privacy only goes so far. It does nothing for the IP address problem we discussed earlier. Search engines still see it, as does your internet service provider. Both entities know which sites you visit and for how long, based on your IP address. In short, they can see everything. Your wife can’t, however. That is why the privacy mode in web browsers were built: to keep the sites you visit private and out of the public view.

Is this privacy enough for your needs? You certainly have some level of privacy, but anonymity is another matter. Anonymity takes privacy to an entirely different level, where the IP address, and thus anything you do online, is extinguished like a wet cloth to a candle’s flame through layer after layer of digital barriers. If you want to have privacy, use Firefox’s private mode, or use a VPN service provider in conjunction with this feature to ensure no one else in your household can see your online footprints. This assumes that they do not have access to your laptop or PC.

If that's the case, it's game over.

If on the other hand you want anonymity, there are several tools are your disposal, one of which is to use the Tor network. In doing so, you will guarantee yourself strict anonymity and be assured of simple privacy as well, provided you don't do something stupid like blurt out enough info (on a forum, for instance) that narrows you down to a city or state.

The Anonymous Tor Network

"If money is your hope for independence you will never have it. The only real security that a man will have in this world is a reserve of knowledge, experience, and ability."

Henry Ford

Every Internet Service Provider assigns an IP address to every user who logs into their network. From there, you can connect to the millions of websites, newsgroups, and online applications that you enjoy most. IP addresses are like phone numbers. They tell your computer where to connect and send packets of data. They need this information to not only send data, such as html code, but also flash code so you can watch Youtube videos. These are targeted with ads, too. And if you bring up task manager in Windows, you can see Flash player running. Do you think Adobe is not sending data back to them about your habits? Let's continue.

So, if the security of online privacy involves concealing the IP address between two computers, how do those two computers talk to each other without a direct connection? If you hide the phone number, how do you make the call? The answer is simple: you have someone else in another country dial the number for you. This is the first step to being anonymous online. Do not use the IP address (yours) as a direct connection. Hire a middle man to do the talking for you. How is this possible? There are several ways. You can use the free online program called Tor, which acts a relay point between you and your online destination. There are also paid services called VPNs (virtual private networks) as well as other anonymous networks like Freenet and I2P, but we’ll get into the specifics of those later.

First and foremost, let’s talk about Tor.

It is the quintessential solution to online privacy since it masks your IP address. The websites you connect to have no way of knowing where you live, which ISP you are using, or what your browsing habits are. When you connect to the Tor network, you are establishing a conduit whereby if you connect to a website (Google for instance), it connects through several layers of IP addresses, or “onion layers” to reach its destination. You send out a message, email, or some type of communication. The message then goes to Bob, Jane and Herb, then finally reaches the end of the line…your favorite webpage. It routes data (backwards/forwards) through an onion later of IP addresses, so that no one adversary can see who sent what without very significant resources.

As you have probably guessed, there is a small speed hit in doing this. In order to hide your IP address, several “hops” or intermediaries, have to be jumped through. Like portals. Without going into too much technical detail, let’s just say that these hops serve a very valuable purpose: to keep your private communications out of the hands of those that intend to snoop on you. Since your IP address changes every time you login to the Tor network, they can’t “bubble” you effectively and target you with ads because you look like a different person from a foreign country to them each time you login. The Tor relay will end up giving you a different country to “pop-out” from with each session of your Tor browser, thus making it impossible to know your origin or where you will go next.

Let’s examine an analogy between Tor and regular internet usage. You’re sitting in your living room browsing anonymously via the Tor network. Your wife on the other hand is sitting in the kitchen on her Macbook, browsing without Tor. You might wonder if her browsing habits break your own anonymity. They don’t…up to a point. While your isp doesn’t know what *you* are doing online, they certainly do in regards to your wife.

Imagine yourself driving down Main Street in a Mercedes with tinted windows. No one can peer inside to see what you are doing at the stoplight. Not even the cops. Your wife on the other hand has non-tinted windows. People can glance over without any effort and tell if she is smoking a cigarette, listening to her iPod or talking on her phone. You are anonymous. She is not. The ISP along with any websites she visits can see everything she does online. They can’t see what you are doing, however.

Firefox (and many other browsers) talk to different hosts, with the router acting as the traffic cop. An example:

Your machine: Port X, Machine A (Tor: all encrypted traffic)

Your wife: Port Y, Machine B (without Tor: all visible traffic)

It's like shooting fish in a barrel, and for the NSA, even easier than that. This same concept also applies with other things you may do on your machine while using Tor. If you use BitTorrent, your ISP can still see what you do on the P2P network even if you are running Tor simultaneously. But it cannot see the contents of the Tor network.

Thus, don’t do anything on your P2P network that you wouldn’t want your ISP to know about. Tor however is a different story since they cannot see what is going on between Tor relays. For all intents and purposes, Tor is like a cloak of invisibility that shields you from the sight of all onlookers, unless you have accidentally ripped a hole in the cloak (i.e. turned on javascript). If you are thinking, "Wow, it might be cool to run BitTorrent through Tor so I won't get sued". A nice goal, except BitTorrent devs aren't falling over themselves to implement this feature with Tor, and the Tor network can't really handle the bandwidth anyway. You'll just make everyone else miserable by downloading those 720p Blu-Ray rips you can easily get from Usenet (and with SSL, you're not likely to get sued.)

It might be prudent to spell out some of the best practices of using the Tor network should you decide to use it. First, although the Tor package comes with a preconfigured Firefox browser, there are still some rules you should follow that might not be apparent.

Tor and Torrents

A word about torrents and the Tor network. It might seem on the surface that running your torrent client through the Tor network would be an obviously beneficial idea. After all, if Tor can cloak your regular Firefox downloads, surely it can do the same with torrents too, right? Well, yes and no. Yes, you could route your traffic through Tor using your favorite torrent client, however this is not a good idea for several reasons.

The first is that Tor was never developed to withstand the kind of punishing traffic bandwidth that usually comes from torrenting.

Secondly, most torrent clients like uTorrent, BitSpirit, and libTorrent are not coded properly to make you anonymous on the Tor network. They often will ignore their socks proxy settings since UDP protocol is heavily involved with torrenting, and will send your real IP address to the tracker, thereby defeating the purpose of using Tor completely. Tor in fact still does what it is coded to do: send whatever packets anonymously through the Tor network to your destination. However, it sends your IP address within the torrent tracker right along with it…anonymously.