Do you ever feel like you’re being watched while surfing the web? Some people do but I’d bet these kinds of thoughts never cross *your* mind. And why should they? You’re not the paranoid type and you surely don’t subscribe to every lunatic’s conspiracy theory. Good for you – we’re like minded :)

Truth be told, the probability of your privacy being seriously challenged is really low – in most cases practically zero. But that doesn’t mean you don’t leave a trail behind you on your everyday web-walks. In other words, your anonymity is not guaranteed. Find that difficult to believe? Well, don’t take my word for it. Just browse to the following address:

http://privacy.net/analyze-your-internet-connection

Take a look around, click on the link below the page title, wait for a few seconds and see for yourself. Among other things, you’ll realize that any remote web server has the potential to know:

• The name of your Internet Service Provider (ISP)
• The IP address and probably the hostname your ISP assigned to your computer or router when you got online
• The name and the version of your computer’s operating system (OS)
• The open ports of your OS or router firewall
• The name and the version of your web browser
• Your country of residence
• The OS active locale
• Your web browser’s language
• The resolution of your computer’s monitor

Should you care about such kinds of data being leaked? Most of the time, not really. But there are cases where your anonymity is of great importance. Here’s a short list of a few examples:

• You surf the web from a country where freedom of speech is anything but given
• You want to freely communicate your opinion on a delicate subject without fear of retribution
• You’d like to check on your competitors’ actions without letting them know you even care to visit their web site
• You wander to a malicious -or at least suspiciously looking- site, where there’s a good chance of malware being intentionally pushed to the visitors’ computers

In situations like the aforementioned you effectively want to hide your real IP address and/or alter the strings and version numbers that give away the software you’re really using. A good way to achieve the first is to browse through an intermediary, also called proxy. An even better way is to browse through Tor.

Scattered all over the map

The Onion Router (Tor) network is a collection of proxy servers scattered all around the globe. These servers run by volunteers and communicate with one another through private, encrypted channels. Whenever you use Tor to browse the web a dynamic path is automatically created for you. That path involves your computer, an arbitrary number of Tor proxies and the destination server you’re trying to reach. The proxy right before your destination is called the exit node. All communications between your computer and the exit node are encrypted using so called public key cryptography techniques. Furthermore, any given relay (proxy) of the path only knows about the previous and the next relay. In other words, in no relay of the path is there the full route from your computer to the destination server. The benefits of such an arrangement are obvious. There’s only one problem and that has to do with speed: Depending on the dynamic path between your computer and the server you’re trying to get to, you may discover that the browsing speed is seriously impeded. But there are situations where low speed is a small price to pay for excellent anonymity. The Tor project is based on Free Software, is actively developed and its use is recommended by high stature activist groups such as the Electronic Frontier Foundation (EFF). You can read more about it on the official website of Tor, where you can also learn much more about the technical details and inner workings of the whole privacy network it implements. Another excellent source of information is the Wikipedia article on Tor in particular and onion routing in general. In the remainder of this post you’ll have the opportunity to install the necessary software and make the appropriate arrangements to immediately start reaping the benefits of Tor.

Your anonymity is guaranteed (*)

There are precompiled Tor binaries for Windows, Mac OS X and Linux. There are two main bundles for each platform. The first one is the so called Tor Browser Bundle. It is perfect if you’d like to use Tor right off of a USB stick, without the need of a separate installation and configuration. The second bundle is the so called Vidalia Bundle. This one has to be installed on your computer’s hard drive before you can use it. You should also manually configure each supported application so as it can actually utilize Tor. There is also the so called Expert Package, which contains only the Tor software and no additional tools. Needless to say, this one is for people who know exactly what they’re doing. All the bundles are given away for free from the official download page of the Tor project. By now it should be apparent that Tor is suitable not only for web browsers but for many other network applications that can utilize a proxy. One of the most commonly used such application is your instant messenger (IM). So, let’s take a closer look at the installation and use of a yet another special bundle for Windows-based OSes: The Tor Browser Instant Messaging Bundle.

Step 1, download. Fire up your favorite web browser and visit the official download page for Tor. Locate the Tor Browser Instant Messaging Bundle for Windows and click on the Download link. At the time of this writing the latest stable version is 1.3.17 and what you get after the download completes is a self-contained executable archive named

tor-im-browser-1.3.17_en-US.exe

Step 2, prepare. Click on the executable and extract it into a convenient folder. By default, what you’ll get is a new folder named

Tor Browser

You can now copy this folder over to a USB thumb drive. You may also copy or move it to a suitable location on your computer’s hard drive. In any case, the Tor Browser folder has everything that’s needed to enable Tor and use it for web browsing and/or instant messaging.

Step 3, check your IP and anonymity. Prior to start using Tor it’s worth the time to check your IP address and geographic location. There are several ways to do that. One is to fire up your favorite web browser and visit

http://whatismyipaddress.com

As soon as the page loads make a note of the displayed IP address and geographical information. Next, visit

https://check.torproject.org

You should see the message “Sorry. You are not using Tor” – but you already knew that. In the information below, your IP address will be displayed too.

Before continuing on, shutdown your web browser and/or IM program.

Step 4, enable the Tor network, surf anonymously. Locate the Tor Browser folder you got a bit earlier and open it. You’ll see some subfolders and an executable named

Start Tor Browser.exe

Click on it and a couple of new windows will appear. The one you should pay attention to right now is named Vidalia Control Panel. The progress of the connection to the Tor network is displayed in it and unless something is really wrong in a few seconds you’ll be successfully connected.

The bundle comes with a self-contained copy of the Firefox browser. Upon the execution of Start Tor Browser.exe a new browser window automatically opens. Provided you’re successfully connected to the Tor network, in it you’ll see a page with the message “Congratulations, your browser is configured to use Tor”. That’s good.

Notice the IP address you now appear to be surfing from. It should be different from the one you had earlier, when you were not surfing within the Tor network. It’s a good idea to visit again whatismyipaddress.com and check on your new geographical location too.

If for any reason you need to temporarily stop using Tor, in the Vidalia Control Panel just click on the Stop Tor button. You can start using Tor again by clicking on the Start Tor button.

An interesting feature of Vidalia is that it allows for the manual creation of a new dynamic route within the Tor network. In the Vidalia Control Panel click on the Use a New Identity button and, as a pop-up willingly informs you, from this time on all your subsequent connections will appear to be originating from a different location. Visit whatismyipaddress.com one more time to verify.

Step 5, anonymous instant messaging. A little earlier, when you executed Start Tor Browser.exe, besides the Vidalia Control Panel and Firefox, Pidgin started too. That’s the name of a free multiprotocol instant messaging client licensed under the GNU GPL. Among other networks, Pidgin supports MSN, Google Talk, Yahoo!, AIM and ICQ. For more information visit the official homepage of the project.

Before you can actually use Pidgin for instant messaging through Tor, you should configure one or more accounts for it – one for each network you care about. To do so start by clicking on the Add button in the Accounts window, which should already be open for you. In the new window named Add Account choose the correct protocol and fill in the required information. Click on the Add button when finished. You may add more networks right now or later by pressing CTRL+A and then clicking on the Add button.

We suggest you play for a while with Pidgin. Who knows, maybe you’ll find it more versatile than the most popular instant messenger on the planet, the one coming from Redmond.

(*) Some restrictions apply

The strong anonymity Tor provides doesn’t automatically guarantee your privacy. Indeed, notice that there’s a weak link in the Tor network, and that is the one from the exit node to the destination server. Any data traveling between those two servers is not necessarily encrypted, so a malicious user or adversary in control of any of those machines could actually see it or collect it for later analysis. One way to protect yourself against such attacks is to transmit sensitive information only though secure channels, e.g., by using HTTPS.

There are other pitfalls Tor has and a longer list is provided on the official project site:

https://www.torproject.org/download/download.html.en#warning

Needless to say, should you take your anonymity seriously the least you can do after installing Tor is peruse that list.