introduction to tor secure web browsing and anonymity …sukhbir/talks/mumbai-tormeetup-2018...i...
TRANSCRIPT
Introduction to TorSecure Web Browsing and Anonymity
Tor Mumbai Meetup, 2018
Sukhbir [email protected]
January 20, 2018
Before We Begin. . .
I Understand your threat model
I If in doubt, it’s better to ask
I Respect the group and the discussions
I No photographs please
2 / 18
Before We Begin. . .
I Understand your threat model
I If in doubt, it’s better to ask
I Respect the group and the discussions
I No photographs please
2 / 18
Before We Begin. . .
I Understand your threat model
I If in doubt, it’s better to ask
I Respect the group and the discussions
I No photographs please
2 / 18
Before We Begin. . .
I Understand your threat model
I If in doubt, it’s better to ask
I Respect the group and the discussions
I No photographs please
2 / 18
Before We Begin. . .
I Understand your threat model
I If in doubt, it’s better to ask
I Respect the group and the discussions
I No photographs please
2 / 18
Anonymity on the Internet
3 / 18
Anonymity on the Internet
3 / 18
Anonymity on the Internet
3 / 18
Anonymity on the Internet
3 / 18
Anonymity on the Internet
3 / 18
Anonymity on the Internet
3 / 18
Anonymity on the Internet
Anonymity
3 / 18
Anonymity on the Internet
3 / 18
“On the Internet, Nobody Knows...”
†
†Image from The New Yorker cartoon by Peter Steiner, 1993
4 / 18
On the Internet, They Know...
5 / 18
Tor: The Onion Router
6 / 18
Tor: The Onion Router
6 / 18
Tor: The Onion Router
6 / 18
Tor: The Onion Router
Client
Destination
6 / 18
Tor: The Onion Router
Client
Destination
6 / 18
Tor: The Onion Router
Client
Destination
Entry Guard (I)
Middle Relay (II) Exit Relay (III)
6 / 18
Tor: The Onion Router
Client
Destination
Entry Guard (I)
Middle Relay (II) Exit Relay (III)
I
II
III
6 / 18
Tor: The Onion Router
Client
Destination
EntryMiddleExit
6 / 18
Tor: The Onion Router
Client
Destination
Entry Guard (I)
Middle Relay (II) Exit Relay (III)
I
II
III
6 / 18
Tor: The Onion Router
Client
Destination
Entry Guard (I)
Middle Relay (II) Exit Relay (III)
✓Source [IP]
× Destination [Resource]
6 / 18
Tor: The Onion Router
Client
Destination
Entry Guard (I)
Middle Relay (II) Exit Relay (III)
× Source [IP]
✓Destination [Resource]
6 / 18
Tor: The Onion Router
I Low-latency anonymity
I Distributed design
I 2,000,000 users and 6000 relaysI 100 Gbit/sec available bandwidth
∗https://metrics.torproject.org7 / 18
Tor: The Onion Router
I Low-latency anonymity
I Distributed design
I 2,000,000 users and 6000 relaysI 100 Gbit/sec available bandwidth
∗https://metrics.torproject.org7 / 18
Tor: The Onion Router
I Low-latency anonymity
I Distributed design
I 2,000,000 users and 6000 relaysI 100 Gbit/sec available bandwidth
∗https://metrics.torproject.org7 / 18
Who Uses Tor?
I Journalists
I Activists
I You...
8 / 18
Who Uses Tor?
I Journalists
I Activists
I You...
8 / 18
Who Uses Tor?
I Journalists
I Activists
I You...
8 / 18
Who Uses Tor?
I Journalists
I Activists
I You...
8 / 18
little-t-tor
I Core of the Tor software ecosystem
I Runs as a daemon and sets up a local SOCKS5 proxy
I But there are still application-level concerns. . .
9 / 18
little-t-tor
I Core of the Tor software ecosystem
I Runs as a daemon and sets up a local SOCKS5 proxy
I But there are still application-level concerns. . .
9 / 18
little-t-tor
I Core of the Tor software ecosystem
I Runs as a daemon and sets up a local SOCKS5 proxy
I But there are still application-level concerns. . .
9 / 18
little-t-tor
I Core of the Tor software ecosystem
I Runs as a daemon and sets up a local SOCKS5 proxy
I But there are still application-level concerns. . .
9 / 18
Tor Browser
Tor (little-t-tor)
+
Mozilla Firefox (Modified ESR)
10 / 18
Tor Browser: Demo
Download fromhttps://www.torproject.org/torbrowser
11 / 18
Staying Safe
I Use Tor Browser
I Be careful when opening downloaded documents
I Use HTTPS versions of websites
I Don’t enable or install browser plugins
12 / 18
Staying Safe
I Use Tor Browser
I Be careful when opening downloaded documents
I Use HTTPS versions of websites
I Don’t enable or install browser plugins
12 / 18
Staying Safe
I Use Tor Browser
I Be careful when opening downloaded documents
I Use HTTPS versions of websites
I Don’t enable or install browser plugins
12 / 18
Staying Safe
I Use Tor Browser
I Be careful when opening downloaded documents
I Use HTTPS versions of websites
I Don’t enable or install browser plugins
12 / 18
Staying Safe
I Use Tor Browser
I Be careful when opening downloaded documents
I Use HTTPS versions of websites
I Don’t enable or install browser plugins
12 / 18
Onion Services
Onion Service(.onion)
13 / 18
Onion Services
Onion Service(.onion)
13 / 18
Onion Services
Onion Service(.onion)
13 / 18
Benefits of Onion Services
I End-to-end encrypted without the need for a centralized CA
I Clients can be assured they are talking to the right address
I The location and IP address of the onion service are hiddenI making them difficult block or censor
14 / 18
Benefits of Onion Services
I End-to-end encrypted without the need for a centralized CA
I Clients can be assured they are talking to the right address
I The location and IP address of the onion service are hiddenI making them difficult block or censor
14 / 18
Benefits of Onion Services
I End-to-end encrypted without the need for a centralized CA
I Clients can be assured they are talking to the right address
I The location and IP address of the onion service are hiddenI making them difficult block or censor
14 / 18
Benefits of Onion Services
I End-to-end encrypted without the need for a centralized CA
I Clients can be assured they are talking to the right address
I The location and IP address of the onion service are hiddenI making them difficult block or censor
14 / 18
Onion Services: Demo
The New York Times Onion Service:
nytimes3xbfgragh.onion
15 / 18
Tor vs. VPN
† VPN Tor Tor Browser
Censorship Evasion ++ +++ +++Appear Elsewhere ++ + +Anonymity + ++ +++Privacy − + +++Speed ++ −− −−Cost −− +++ +++
†Modified under CC BY-SA 4.0. Original work by Tim Sammut from
https://teamsammut.com/blog/2015/08/tor-vs-vpn-and-proxies-slides.html
16 / 18
Tor vs. VPN
† VPN Tor Tor BrowserCensorship Evasion ++ +++ +++
Appear Elsewhere ++ + +Anonymity + ++ +++Privacy − + +++Speed ++ −− −−Cost −− +++ +++
†Modified under CC BY-SA 4.0. Original work by Tim Sammut from
https://teamsammut.com/blog/2015/08/tor-vs-vpn-and-proxies-slides.html
16 / 18
Tor vs. VPN
† VPN Tor Tor BrowserCensorship Evasion ++ +++ +++Appear Elsewhere ++ + +
Anonymity + ++ +++Privacy − + +++Speed ++ −− −−Cost −− +++ +++
†Modified under CC BY-SA 4.0. Original work by Tim Sammut from
https://teamsammut.com/blog/2015/08/tor-vs-vpn-and-proxies-slides.html
16 / 18
Tor vs. VPN
† VPN Tor Tor BrowserCensorship Evasion ++ +++ +++Appear Elsewhere ++ + +Anonymity + ++ +++
Privacy − + +++Speed ++ −− −−Cost −− +++ +++
†Modified under CC BY-SA 4.0. Original work by Tim Sammut from
https://teamsammut.com/blog/2015/08/tor-vs-vpn-and-proxies-slides.html
16 / 18
Tor vs. VPN
† VPN Tor Tor BrowserCensorship Evasion ++ +++ +++Appear Elsewhere ++ + +Anonymity + ++ +++Privacy − + +++
Speed ++ −− −−Cost −− +++ +++
†Modified under CC BY-SA 4.0. Original work by Tim Sammut from
https://teamsammut.com/blog/2015/08/tor-vs-vpn-and-proxies-slides.html
16 / 18
Tor vs. VPN
† VPN Tor Tor BrowserCensorship Evasion ++ +++ +++Appear Elsewhere ++ + +Anonymity + ++ +++Privacy − + +++Speed ++ −− −−
Cost −− +++ +++
†Modified under CC BY-SA 4.0. Original work by Tim Sammut from
https://teamsammut.com/blog/2015/08/tor-vs-vpn-and-proxies-slides.html
16 / 18
Tor vs. VPN
† VPN Tor Tor BrowserCensorship Evasion ++ +++ +++Appear Elsewhere ++ + +Anonymity + ++ +++Privacy − + +++Speed ++ −− −−Cost −− +++ +++
†Modified under CC BY-SA 4.0. Original work by Tim Sammut from
https://teamsammut.com/blog/2015/08/tor-vs-vpn-and-proxies-slides.html
16 / 18
Secure Web Browsing: Discussion
EFF Surveillance Self-Defense
https://ssd.eff.org
17 / 18
Thank You
Questions?https://www.torproject.org/support/
E4AC D397 5427 A5BA 8450 A1BE B01C 8B00 6DA7 7FAA
18 / 18