Tor, driving lessons – 3

So far we have considered the use of Tor as an isolated application, and described and solved some elementary problems that can compromise the level of privacy and anonymity that can be reached with its use. Today we will face the problem from a different point of view: we will focus not on the software that runs inside the PC, but rather the flow of information that moves between the PC and the Internet, regardless of the programs that generate it.

Anyone following these chats had installed Tor for the first time, will probably have noticed that even the most popular Tor download sites such as the EFF one offer, next to the Tor installation files, some bundles, which contain in addition to Tor also other programs, inevitably including Privoxy.

What is Privoxy?
This is easy. Privoxy is a filtering proxy.
And why do we need it? Isn’t Tor a proxy already?
Let’s take a step back. Between our PC and the servers we access via the Internet there is a flow of information made up of requests and responses to requests. Without loss of generality, we can continue to think about normal web browsing done with a browser like Firefox. Using Tor while browsing “diverts” this flow and forces it to make intermediate stops through the Tor router network before reaching its final destination; these intermediate steps make it difficult to correlate the requests that reach the web servers and their responses with the user who generated them.

By continuing to use the information flow model we can highlight two types of privacy risks.

The first and most trivial is that of a partial “deviation” of this flow, normally channeled into the Tor network through our local Tor proxy, which directly releases some information on the Internet, thus compromising the privacy of navigation. This example is not chosen at random, as it was a problem in the first releases of Tor.
Basically, when we use Tor we tell our browser “use Tor as proxy socks” or “pass everything through Tor”.
Some browsers and Internet applications, some more than others, may not fully honor this request.

The first operation that the browser must perform before establishing the connection that we have requested is to take the name of the server contained in the address of the requested page and translate it into the IP to which to open the connection. To do this, he must open a different connection to a particular server whose address he already knows (the DNS server) to which he can send the host name and receive the corresponding IP. In some cases this new request was not passed through by Tor and therefore it became trivial for an attacker to correlate the IP of someone who had just requested the address of a certain site with the requestor for an anonymous connection that arrived immediately after the same site.
In some cases (typically browser bugs) these requests could go outside of Tor.

The second, and even more serious problem, is when data passes through the flow of information that can identify the user. Connections made through Tor are normal HTTP or HTTPS sessions. The server to which the requests are made, and in the case that non-encrypted HTTP is used, also the outgoing Tor router and whoever is able to sniff the traffic, can intercept and collect everything that is transmitted.
If the user accesses information on his personal site but managed by a provider, or by distraction he sends personal data by filling out a form, perhaps with his credit card number, his anonymity is irremediably compromised.

The problem can be solved, or at least greatly mitigated, by installing (in technical terms: chaining) a second proxy to Tor, Privoxy precisely.
In this case the browser no longer sends the data directly to Tor, but sends them to Privoxy, which can examine them and possibly modify them before sending them on the Net; for example, it can remove the name and surname of the user who for any reason had ended up in the data flow. Similarly it can be configured to intercept the incoming page from Tor and remove all Javascript scripts, so that even if the browser is set to run them, the problem is solved “at the root”.

If you install Tor with the bundle from the EFF site you will end up with Privoxy already installed and configured, and you will also have Torbutton and a very useful information panel called Vidalia, which allows you to view, even geographically, the Tor routing across the Network.

Privoxy has a very detailed control panel accessible from the address http://config.privoxy.org (address that using Privoxy is not on the Internet but on your PC!)

from which it is possible to check the status of the proxy, check the details of the actions performed on a certain page, configure predefined actions or create new ones, enable or disable options.

and finally access the documentation.

A very interesting exercise that I recommend to everyone is to create and enable a filter that systematically replaces a word on the incoming pages. In the configuration file there is a default one (only to be enabled).
Other more sophisticated actions can also be performed such as removing images from advertising sites based on their pixel size, or replacing animated gifs with their first frame, to avoid those hectic pages full of animations.

Finally it is worth mentioning that, after installing it, even a filtering proxy still works much better if there is something connected between the keyboard and the chair; nothing can replace a little attention and foresight on the part of the user.

Today we have identified an effective and very useful solution to some of the errors and distractions that can be committed by surfing the Net anonymously with Tor; next time we’ll talk about installing a Tor server.

Marco Calamari

All Cassandra Crossing releases are available at this address