There’s actually not much to it. Head over to TorProject.org and grab the installer. The setup is short and straightforward and if everything goes well, you should end up here:
If you’ve used Firefox before, the interface will look nearly identical. As the default front page says, you can check your Tor network settings by going to Check.TorProject.org. If everything is going well, you’ll see a message confirming that Tor is working fine (along with your new apparent IP address). You can open the same link in a non-Tor browser to see that it gives you an error message. Pretty handy for confirming your anonymity.
It is important to understand that Tor is responsible for only one aspect of anonymity: keeping the transmission of data anonymous. That’s it. Simply using Tor does not grant the users some sort of digital immunity, you still have to be careful. For Tor to really work, you’ll have to change some of your habits.
- Use Tor Browser: Tor has two parts, the client relay (the bit that sets up a randomized path for your data) and the browser which uses that path to send and receive your data. By default, Tor dos not protect any traffic that takes place outside of Tor Browser. While technically you can configure third party apps (like other browsers) to use the Tor network, any such configuration is likely to be unsafe. So, for most purposes it is strongly recommended that you only use the Tor browser unless you know exactly what you’re doing.
- Torrents don’t play well with Tor: Torrent applications are known to ignore any proxy settings and often try to make direct connections even when they are explicitly configured to use Tor. Even if the torrent application connects only through Tor, your real IP address is still sent out in the tracker GET request. This is not the fault of either Tor or torrent applications. It is just how torrents are designed to work and it does not mix well with Tor. If you use torrents with Tor, your torrent traffic is deanonymized, your other Tor traffic is no longer secure and to top it all off you’ve slowed down the entire Tor network for other users. Don’t do this.
- Don’t install third party plugins: Tor browser is just a fork of Mozilla Firefox. You can install Firefox plugins in Tor Browser but this is a bad idea. By default, Tor Browser blocks plugins such as Flash, RealPlayer and Quicktime as these (and others) can be manipulated into revealing your real IP address.
- Use HTTPS: Tor encrypts your traffic before it leaves your device as well as within the Tor network. But when the data arrives at the exit node, it must be opened up before being sent off to the final destination. If you’re typing in a password into a website that doesn’t use HTTPS, it will be visible at the exit node. Even if it’s hashed, you don’t want it surfacing anywhere since it can be used to identify you. Using HTTPS means that when Tor’s internal encryption is undone at the exit relay, the data itself remains HTTPS-encrypted. Tor and HTTPS both serve different purposes. Tor’s encryption works to protect the data within the Tor network and HTTPS protects your data outside of Tor.
For this reason, Tor Browser includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website. I highly recommend checking out EFF’s interactive tool explaining how Tor and HTTPS relate.
- Don’t trust any documents: Tor Browser warns you before automatically opening documents (such as DOC and PDF files) that are handled by external applications. Such documents can contain Internet resources which, if opened outside of Tor, will use your normal internet connection to download them, revealing your real IP address. This is serious. If you absolutely must deal with DOC or PDF files, one of the following setups is strongly recommended:
- Use bridges or spread the word: Tor attempts to prevent attackers from knowing what destination websites you are connecting to. But, by default, it does not prevent someone watching your internet traffic (like your ISP) from learning that you’re using Tor. For whatever reason, if this matters to you, say if your government decides that using Tor makes you a criminal (or has outright banned Tor), then you mustn’t use Tor with the default configuration. In this case it is recommended to use a Tor bridge relay rather than connecting directly to the public Tor network. However, the best protection remains the social approach. The more Tor users there are, the better protected everyone is. So go out and yell from the rooftops. Or use the share buttons at the bottom of this page.
You should also know about a few good Tor-related communities. Tor.StackExchange.com is an excellent place if you’ve got some queries or just want to learn more. On reddit, you’ll find very active communities in /r/TOR, /r/deepweb, and /r/Onions. Again, great places to ask any questions or discuss the latest news about Tor-related stuff. And of course, there’s me on twitter and I’m always more than happy to help out.
Ongoing trends in law, policy, and technology threaten anonymity as never before, undermining our ability to speak and read freely online. These trends also undermine national security and critical infrastructure by making communication among individuals, organizations, corporations, and governments more vulnerable to analysis. Each new user and relay provides additional diversity, enhancing Tor’s ability to
Internet represents the biggest democracy there has ever been. It offers us a vast ocean of knowledge and grants us true freedom. Freedom of expression. Freedom of speech. Remember, just by using Tor (even if you have no need to), you are protecting the privacy of people who do have a very real need for it. Perhaps someone who’ll use Tor today will have to flee their country tomorrow and look for asylum. Perhaps someone who’s using Tor right now will go to jail for warning the public of imminent nuclear disaster.
By using Tor you are making the world a better place.
Want to be a real hacker? Sign Up!