[TOOL] Tor: An Anonymous Internet Communication System

From: SecuriTeam (support_at_securiteam.com)
Date: 03/29/05

  • Next message: SecuriTeam: "[UNIX] CPG Dragonfly Multiple Cross Site Scripting" 
    To: list@securiteam.com
Date: 29 Mar 2005 10:33:53 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Tor: An Anonymous Internet Communication System
    ------------------------------------------------------------------------

    SUMMARY

    DETAILS

    Tor is a toolset for a wide range of organizations and people that want to
    improve their safety and security on the Internet. Using Tor can help you
    anonymize web browsing and publishing, instant messaging, IRC, SSH, and
    more. Tor also provides a platform on which software developers can build
    new applications with built-in anonymity, safety, and privacy features.

    Your traffic is safer when you use Tor, because communications are bounced
    around a distributed network of servers, called onion routers. Instead of
    taking a direct route from source to destination, data packets on the Tor
    network take a random pathway through several servers that cover your
    tracks so no observer at any single point can tell where the data came
    from or where it's going. This makes it hard for recipients, observers,
    and even the <http://tor.eff.org/overview.html> onion routers themselves
    to figure out who and where you are. Tor's technology aims to provide
    Internet users with protection against "traffic analysis," a form of
    network surveillance that threatens personal anonymity and privacy,
    confidential business activities and relationships, and state security.

    Traffic analysis is used every day by companies, governments, and
    individuals that want to keep track of where people and organizations go
    and what they do on the Internet. Instead of looking at the content of
    your communications, traffic analysis tracks where your data goes and
    when, as well as how much is sent. For example, online advertising company
    Doubleclick uses traffic analysis to record what web pages you've visited,
    and can build a profile of your interests from that. A pharmaceutical
    company could use traffic analysis to monitor when the research wing of a
    competitor visits its website, and track what pages or products that
    interest the competitor. IBM hosts a searchable patent index, and it could
    keep a list of every query your company makes. A stalker could use traffic
    analysis to learn whether you're in a certain Internet cafe.

    Tor aims to make traffic analysis more difficult by preventing
    eavesdroppers from finding out where your communications are going online,
    and by letting you decide whether to identify yourself when you
    communicate.

    Tor's security is improved as its user base grows and as more people
    volunteer to run servers. Please consider
    <http://tor.eff.org/cvs/tor/doc/tor-doc.html#installing> installing it and
    then <http://tor.eff.org/cvs/tor/doc/tor-doc.html#server> helping out.
    You can also learn more about Tor <http://tor.eff.org/documentation.html>
    here.

    Part of the goal of the Tor project is to deploy a public testbed for
    experimenting with design trade-offs, to teach us how best to provide
    privacy online. We welcome research into the security of Tor and related
    anonymity systems, and want to hear about any vulnerabilities you find.

    Tor is an important piece of building more safety, privacy, and anonymity
    online, but it is not a complete solution. And remember that this is
    development code it's not a good idea to rely on the current Tor network
    if you really need strong anonymity.

    Currently, Tor development is supported by the <http://www.eff.org/>
    Electronic Frontier Foundation. Tor was initially designed and developed
    as part of the U.S. Naval Research Laboratory's
    <http://www.onion-router.net/> Onion Routing program with support from
    <http://www.onr.navy.mil/> ONR and <http://www.darpa.mil/> DARPA.

    Download Information:
    The tool can be downloaded from: <http://tor.eff.org/download.html>
    http://tor.eff.org/download.html

    ADDITIONAL INFORMATION

    To keep updated with the tool visit the project's homepage at:
    <http://tor.eff.org/> http://tor.eff.org/

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[UNIX] CPG Dragonfly Multiple Cross Site Scripting"

    Relevant Pages