Using Tor in Order to Surf Anonymously

Discussion in 'Keeping Your Anonymity In Iran' started by Commissar, Jun 15, 2009.

  1. Danielle20 Member

    Is a proxy hard to creat if you are Dyslexic?
  2. CocoChanels Member

    Who knows where to download XRumer 5.0 Palladium?

    Who knows where to download XRumer 5.0 Palladium?
    Help, please. All recommend this program to effectively advertise on the Internet, this is the best program!
  3. How would that help Iran?
  4. patrick30 Member

  5. SanguineRose Member

  6. ffazad Member

    News from Tehran: Tor and Squid

    Hi there,
    during the last days I installed Squid under Windows XP and TOR server. I gave all the information about my Squid-Proxy and installation of Tor to my brother in Tehran.

    - Squid works well. Facebook and all other filtered sites are accessible via Squid except youtube. It seems that they use deep scanning only for youtube.

    - Tor works properly for all addresses, also for youtube.
  7. Hechicera Member

    Good to hear.
  8. Tor exit nodes

    Please understand that TOR only guarantees obscuring origin IP.

    TOR can be spoofed at the exit node, and intelligence units
    have been running rogue exit nodes which sniff the traffic
    going out of the cloud.

    This is the tradeoff for a public open peer-o-peer network.
    A network like haystack, in which the server nodes are private
    ISPs of trust, will not be as vulnerable (if said trust is solid).
    But TOR has much more bandwidth, fewer limitations, a much
    bigger cloud of nodes with which to hide connections in.

    So if you don't explicity trust a specific exit node, do use TOR
    but stay pseudonymous or anonymous. never reveal sensitive
    or personally identifiable information.
  9. dont use

    I am sure Lynx though he was doing a service with,
    but unless there's an evident reason, please don't trust any
    downloads from any adhoc sites, regardless of signature.

    the only TOR you should installing is the one from
    the canonical TOR project page:

    Tor: anonymity online
  10. SanguineRose Member

    Do we have to have this conversion about how a gnupg sig works again?
  11. thanx

    Please, I know how a sig works, I worked in a top crypto firm for 3 years.

    the torir dl+sig does indeed verifiy to Andrew Lewman of

    but it's not the same distro. 1.2.2 versus 1.2.4.
    who knows what holes were patched since then?

    The TorProject page has changelogs for tor releases,
    no idea how this maps to the browser bundle versions.
    but for an example of severity, this is the latest changelog:
    Changes in version - 2009-??-??
    o Security fixes:
    - Fix an edge case where a malicious exit relay could convince a
    controller that the client's DNS question resolves to an internal IP
    address. Bug found and fixed by "optimist"; bugfix on
  12. CocoChanels Member

    huh.... well..

    no any cracks(((
    Think, XRumer 5.0 Palladium is really BEST software for promo and for SEO!
  13. Unless they can state why using a message board spammer proggie increases anonymity while using Tor to surf anonymously .... I'd say this post (and the one above by them) is advertising spam.

    I could see a use a few forums down maybe ...
  14. Proxy4Iran Member

    Private proxy for my friends in Iran


    First, I want to thank everyone who has put time and effort to help the green movement in Iran.

    I have an extra computer and I'd like to create a private proxy for my family and friends living in Iran. I want them to be able to securely route all their traffic through my computer here (encrypted). I live outside Iran. It seems to me that setting up TOR is too much for this purpose as I can be the exit point (one hop is enough here). Any simple software for this?

  15. Hechicera Member

    There is a package, but ...

    Squid, available for a variety of platforms. You'd want to configure it to only trust their IPs.

    Iran seems to have robust keyword-searching deep packet scanning on most internet traffic now. NedaNet Resource Page is no longer recommending squid for this reason, if you send anything out with a potentially inflammatory word on the list they may be noticed. If they are tech savvy and can set up their own encryption (like SSH tunneling) to use through your proxy then fine, or if they are already used to being monitored and have set up encryption for most of what they use anyway.

    If they aren't tech savvy, Tor may be easier for them to set up correctly on their end. Squid through you will give them a fast connection out (which Tor won't) but then they have to be very careful not to trigger keywords for the packet scanners. I can't tell what the level of risk vs. use vs. level of tech savvy on their end is ... so I'm giving fairly broad advice.
  16. Exit node

    You could use zebedee, a simper ssh,
    but I really reccomend TOR.

    If your family uses your tunnel to access
    sites under surveillance, traffic analysis
    will eventually pinpoint their location.

    This is precisely the ideal case to run a Tor
    node, in fact as an exit node, because you
    have a relationship of trust pre established.

    IMHO running ssh is probably going to be
    more difficult for a layman than Tor.
    Understanding keys, firewalls, NATing
    and tunnelling takes some time.

    You should run TOR, and either publish
    your bridge to them, or even better have
    them explicitly use you as their exit node.
  17. Proxy4Iran Member

    Exit node

    Thanks for your replies.

    I am now more convinced the TOR might be the way to go. I have some concerns though and I appreciate your views on these.

    I thought I should setup my computer as bridge (entry point) but you suggest I should set it up as an exit node. Can they directly connect to an exit node or they need a different entry point?

    This brings me to my next question which is are there unblocked TOR entry points available to people in Iran? If yes, how can my friend access them (list of IPs,...)?

    My last concern is that it seems TOR does not encrypt all the outgoing packets and it depends on the application. Isn't this a treat?

    Thanks again guys,

  18. exit node

    well, if they always connect to you as a bridge,
    first of all it makes for easier location spotting
    on their end because they are always hitting the
    same node. secondly, TOR is terrible for latency,
    because of the multiple hops and encapsulated
    encryption in between, so you being remotely
    located makes it that much more, read in multiples,

    what they should do is get 3 random bridges from
    the TOR site, and switch them every so often.
    note that the entry node doesn't get to know the
    precise destination or data, to it it's just encrypted
    stream bytes through SSL, with some routing info
    thrown in to help steer to the right place.

    it's at the exit node that all the data gets decoded,
    and that is where the vulnerability lies. a Swedish
    hacker managed to spoof exit nodes a few years ago,
    and since then basically all the intelligence communities
    run their own rogue nodes, fishing for data. To wit,
    it's actually high yield, because the people who tend
    to use TOR use it for a reason: embassies, whistle
    blowers, reporters in censored environment.

    note that this is in fact of the TOR threat model.

    it's a tradeoff between a system where you have
    to trust a central authority to have clean servers,
    like say HayStack or ZeroKnowledge's Freedom.NET
    was back in the day, or a decentralized peer-to-peer
    network like TOR or FreeNet.

    so IMHO, if you already have a relationship of trust,
    I suggest being an exit node for them. If not bridge
    is also good.
  19. entry+exit node

    about using a bridge as an exit node:

    the point of TOR (The Onion Router), is that
    you force the connection to bounce around
    a few proxies, thereby dissociating the origin
    from the destination.

    so you connect through tehran, bounce through
    amsterdam, then to paris and then finally to
    the desired website say in amercia.

    between each hop, the payload is encrypted using
    a new key, so even if you manage to peel the first
    layer from the 3rd hop, there are still two layers to
    decrypt and break.

    this is known as encapsulated encrypted.

    so running a node as both entry and exit removes
    that advantage. in that case it basically becomes
    just another proxy tunnel, and TOR is slow for that.

    the disadvantage with this is that it's open to traffic
    analysis if the bad guys can sniff both ends. then they
    can see that whenever a connection from your proxy
    hits a banned website, yoru relatives happen to be
    hitting your proxy. not to hard to figure out what's
    going on then.

    to counter traffic analysis, TOR has a few other tricks
    up its sleeves asides from multiple hops; for example it
    plays with timing and resizing, to make traffic seem
    regular (traffic shaping) so you can't correlate directly
    by gauging size and frequency of traffic, and since a
    lot of people are using a node for a varietry of reasons,
    you can consider it to be traffic padding, since a lot of
    the messages hitting your nodes won't be yours.

    all this at a huge cost to speed, of course.

    If you think a one-hop tunnel is sufficient for your needs,
    you can run an ssh proxy, a squid ssl proxy, or a JAP
    java proxy to do this job just as well.
  20. Proxy4Iran Member

    Thanks for your clear answers. I could understand it even though I am no tech savvy. I have managed to came up with new questions though. ;)

    You mentioned that using a simple proxy has the disadvantage of being susceptible to traffic sniffing (both ends). Since, I am outside Iran, can they sniff my traffic going through my ISP? (I understand your answer points to the general problem with this method. I am wondering if this problem could also exist in my specific case where the bad guy is Iran gov. and I am leaving outside Iran.)

    If I understood you correctly, the main problem with proxy is that it is easily detectable when all the traffic of one node goes to a single IP. So, I am wondering if the following solutions can address this problem:

    1. In Iran most people have dial-up connection. It is also possible to buy few hours connection cards from different ISPs (e.g. if you have DSL but looking for alternative). So, what if one disconnect and connect to different ISPs every 5 min or so? This should give it a new IP and essentially new identity.

    2. What if the user connect to internet without proxy and only when he/she intends to browse banned websites or sending sensitive information, uses the secure proxy connection. That is his/her connection will be contain both encrypted (to my IP) and normal packets. Would this complicate the detection?

    My other question is about possible consequences. Lets say they detect such a secure connection. Is it easy to decrypt lots of packets? I mean let say the encryption is broken once. Does this mean that it is broken for all the packets in that connection? Is it also broken for all the other future connections? Is it possible to detect that someone has infiltrated the secure connection?

    Many thanks.
  21. Ray Murphy Member

    Is there any point in using ISP's outside of Iran on dialup?
  22. exit node

    Security depends on your threat model,
    ie it depends on your level of paranoia.

    a new IP is not a new identity. in fact
    a new IP from the same computer will still
    have the same MAC address, for example.
    and that's still at a high OSI network level.

    changing IP from a VPN provider is probably
    not all that useful, since most ISPs aren't free
    you need to authentify anyway, and caller-id
    will reveal you at a lower telecomm equipment
    level anyway.

    If your ISP is in Iran, regardless of it
    being a dial-up, you can assume you
    are exposed.

    they could always call you directly by modem,
    like we did back in the BBS days, but please
    note that on a telecomm level, dial-up callers
    on a modem from home may also be exposed
    since analog phone now runs pretty much on
    digital trunks anyway, so I'm not sure that's really
    beneficial, not to mention it would be costly
    and would sort of stand out.

    outside of Iran, ISPs can be petitioned
    by law-enforcement to divulge info and
    most ISPs are logging anyway due to
    state intercept laws and sigint tech like

    I guess the answer depends on whether
    you think the ISP lies in friendly territory,
    etc. I would instantly mistrust anything
    from a hard fundamentalist or totalitarian
    state, say Emirates, Singapore, etc.

    The best is to just assume the ISPs are
    compromised, but ask whether the barrier
    both technical and legal is worth their

    that means setting up brand new gmail
    accounts under new callsigns, always
    using the callsigns, never revealing any
    sensitive personal info, and using https
    and SSL/TLS whenever you can.

    the duration of the encryption depends
    on the type of connection (protocol) and
    the application used. although keys are
    asymetric PKI (public/private key pair)
    initally, generally for speed a symmetric
    key pair (shared secret) will be negotiated
    between 2 nodes for the duration of a
    session. I have no idea how long a session
    lasts in TOR, but I'm assuming it's pretty
    hard to crack because it is an EFF project.
    the guys behind it are amongst the top
    experts in the field, and it's designed for
    robustness to things like replay attacks
    and man in the middle attacks, etc.

    I can only tell you that in an earlier and similar
    project, we used a triple layered military crypto
    and didn't think that even the NSA could crack it.
    this seemed to be corroborated by the fact that
    they asked to visit one day. then again, would
    they tell us if they had?

    so I wouldn't worry about crypto. usually the
    vulnerabilities lie when you try to use it, at
    the interface between it and the world;
    things like IDs and personal information, etc.
    all the crypto in the world won't save you if always
    use the same username and then tag a friend's
    photo on facebook.

    so, in short, I like the dial-up cards, but don't rely
    on it alone, using the cards with a SSL proxy is better,
    or even better with TOR.
  23. Proxy4Iran Member

    To Ray: I meant ISPs in Iran. There are different ISPs and it is possible to buy 5hrs, 10hrs, 1week,...connection cards. These cards usually anonymous and they have a code that you scratch to see it which is needed when you log in. Thus, the identity of the buyer is not known. However, as it said by my Unregistered friend, they can track u using your phone number.

    To my Unregistered friend: I live in one of EU countries and I am as sure as it can get that Iran gov can not legally tap to my information. Thus, I think that I can safely be an exit. So, the main problem is if my friends get detected when they are connected to my proxy server. I fully agree with you that if they get detected, it is easy for them to track them using the information they have at ISP (minimum is the phone number).

    The main question for me is how to maintain this connection while not being detected by deep packet inspection. The point u said was when all the traffic is routed to the same IP, it is fishy and it can be detected. They should have a detection mechanisem that maybe (and now I am speculating) tell them if this connection is donig something fishy and needed to be monitored by an operator. How they detect the fishy behavior? More than N packet in a row to the same destination? More than t min connected to the same destination? Encrypted contents? Other methods?

    If they using the first two methods, then it might be possible to fool it by visiting some allowed websites without the proxy while sending the sensitive data through the proxy (to create various destinations). Or by disconnecting and dialing up again to same or new ISP.

    Can they simply block all the connections with encrypted contents?

    Man, it must be frustrating to keep getting long replies to your post with endless questions. But please bare with me. :)

  24. Ray Murphy Member

    For the odd occasion when extremely sensitive information needs to be transmitted a stolen mobile would suffice - especially 'stolen' mobiles that are reported as having been stolen (in the right place(s) by squeaky clean Iranians before transmission begins.
  25. Proxy4Iran Member

    To Ray

    Good point. I will spread this idea.

  26. Hechicera Member

    Encrypting your whole packet stream is the way to do that. SSH would be the first level (simply encrypted). TOR encrypts as well as tries to not have packets easily identified as what they are by their "shape".

    So think of packets as boxes going out of Iran. Encryption puts a wrapper on the box, they can't see in it anymore. But, if the box still looks like a "Youtube upload"-shaped box, they might still flag that packet.

    Usually this is done automatically by parameters, then flagged IP streams sent to a human to start checking. But, without being in their system, we can't know the exact parameters they check for "box-shapes".

    We are sure they look in unwrapped boxes (unencrypted text) for certain keywords.

    No one knows what the auto-detect and route to human parameters are. (If someone is reading this that wants to tell me, gmail at this handle will work just fine!) But, I doubt that will happen, so it really comes down to how careful your relatives want to be.

    Various destinations is not bad. All the encrypted packets only to one IP could still stand out though. Disconnecting and reconnecting only to make just encrypted means the non-sensitive things are not likely to be flagged, but the new connection, if all encrypted to a consistent IP can still be spotted.

    If they do spot the encrypted and want to monitor them, then they have access to all personal identifying info in the non-encrypted parts. That would be worrisome if they want to be very secure.

    Yes. But that would make a lot of businesses, diplomats and others very unhappy. There have been sporadic reports that that has been done to some of the smaller ISPs there already.

    You asked lots of good questions while I was sleeping, and unregistered was perhaps better qualified than me to answer then anyway.
  27. Hechicera Member

    And I know I posted it below (in the general area of this section) but without comment on what it was ...

    Surveillance Self-Defense International | Electronic Frontier Foundation

    That info just put out by the EFF could be helpful. Like unregistered said, they are well-regarded. Some of your questions are getting into general security while under surveillance, and they cover that as well as connections, Tor, SSH, etc.
  28. Proxy4Iran Member

    Thanks Hechicera. Great reply. I am out of question at least for now.

    I am just wondering if it is possible to put pressure on Nokia-Simense (who sold the surveillance system in a first place) to release more info about the details of their system. If you can think of some important questions, I can try to spread the word and get some people putting pressure on them.

  29. skimask anyone?

    yes. a really paranoid entity could just assume everyone using
    crypto is a subsersive, in much the same way than anyone on
    the street wearing a balaclava is a bank robber.

    however, it is a bit more fuzzy than that on the internet, as
    there are legitimate reasons for using crypto on the web,
    https SSL/TLS has been around for a while and are used by
    gmail, yahoo, amazon, paypal, ebay, and just about every bank
    and utility company that allows you to make online payments,
    including iranian telecom, banks, electricity.

    so to do so they would have to shut down a significant portion
    of the economy.

    it it ever comes to that, where the sheer use of crypto, ie
    a balacalva is deemed incriminating, you're going to have to
    switch to stealth measures like steganography.

    this has been mentionned elsewhere on the board.

    In such a case I would use GnuPG, FireGPG, and FireSteg,
    embedding public/private cypher text inside innocent images.
  30. echo-IRAN Member

    So called deep packet inspection merely causes confusion, may give you the wrong assumptions.

    There is a whole world of difference between voice (data, SMS) traffic over telephone and cell phone networks, and data over "computer network" via ISP. "Encryption" in phone network isn't encryption because by law every govt can listen to it. They can do decryption, voice recognition, and then keyword detection, and then log and store suspicious calls, or route to human agent. Same goes for text messages/SMS. You can use your own "uncrackable" encryption over it by special phones, or by software if you have a smart enough phone. But rarely anybody does it. If you do it your packet stream will stand out from the crowd.

    Encryption over "computer" network, be it over cable, dial-up phone network, or satellite, are regarded as uncrackable, approved for use on govt top secrets (but there are always dumb applications). If you browse directly any website with unencrypted content, keyword detection is trivial compared to voice network.

    With encryption, it's only safe that they know what protocol you are using, i.e., TOR, ultrasurf, freegate, SSL for email, banking and shopping, skype, etc. They don't really know everything, but that doesn't really matter. All they need to do is to detect random data with unknown protocol, and log the source and destination IPs.

    In Proxy4Iran case, if your friends can use TOR, you don't really help much by being whatever node, unless TOR itself is blocked by the IR ISP. You offers some safety at the entry point, but it takes all 3 nodes in TOR to be controlled by IR to know who you are and what websites you are visiting. In that case, you may (depending on protocol) be identified and it's trivial (or not?) to identify your friends and family. As mentioned above, using a fixed bridge has it's disadvantages.

    It's not safe to think in terms of obscurity. Any communication can be thought of as phone calls, with two phone numbers logged on your phone bill. The contents may be safe, but hey can look up the callers later.
  31. echo-IRAN Member

    For friends that trust each other, I would simply use a encrypted proxy like:
    Psi-OPS: Psiphon Open Source | Psiphon

    It's easy to install, get through firewalls, and allows usernames and passwords so you know who use it exactly.

    There's no getting around that, if your friend's ISP really want to know, they will notice something encrypted connected to your IP from time to time. I can't tell you how suspicious it is. But plenty of people do something like this to bypass their company or school network to watch youtube etc. I can't tell you how difficult it is, but ISP's detect protocols all the time, like Bittorrent, to slow it down or kill it.

    Your IP in EU is not completely safe. If someone want your ID bad enough, they can put up a reward for say 10,000 euro, and hope someone will steal it for them.
  32. Proxy4Iran Member

    echo, thanks for your info specially on the deep packet inspection. I am going to give Psi-OPS a shot.

  33. Proxy4Iran Member

    Echo, the Psiphon looks good. But It has two problems.

    The download page is down.

    There is no documentation for Linux! Only for windows.

    If you know people who are working there, please remind them to look at these problems.

  34. echo-IRAN Member

    I have no relation with the Psiphon people. I always install something like this at home as a proxy, so at work nobody knows what I do on the internet. I recommended it because it's easy to install and use, and it's specifically designed to bypass censorship.

    You have to find something else for Linux. How about openVPN? There must be a lot of help out there.

    It is possible to run some Windows program on Linux. One is via Wine, WineHQ - Run Windows applications on Linux, BSD, Solaris and Mac OS X, suppose to be simpler, that I never tried. The other is via a virtual machine. I recommend free VirtualBox, and install in it a copy of Windows XP that someone thrown away. I ran vpn clients, freegate and ultrasurf, that sort of windows programs on it.
  35. Proxy4Iran Member

    Thanks echo.

    I contacted them on twitter and they answered very quickly. I will try to make this work. If I failed, I will try other options you suggested.

  36. ~Image Deleted~

    And yea I do agree some of these are hilarious... Maybe start your own thread and post them all there?
  37. tayen Member

    Using Tor in Order to Surf Anonymously...

    ..that's a very good idea, dude........!:D

    simulation credit
    immobilier de France
    - Credit immobilier de
    France, simulation credit immobilier. Résultat mitigé pour le crédit
    immobilier de France.
  38. Lyagushkka Member

    Who knows where to download XRumer 5.0 Palladium?

    Who knows where to download XRumer 5.0 Palladium?
    Help, please. All recommend this program to effectively advertise on the Internet, this is the best program!
  39. how can you watch video through tor?
  40. angsquigli Member

Share This Page

Customize Theme Colors


Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins