現在マヨケーがダウンしています。避難所にはカクケーモリケーがあります。

「Tor/en」の版間の差分

提供:唐澤貴洋Wiki
ナビゲーションに移動 検索に移動
>充電に強い新芋
(Tor (oldid 143470) より転載 翻訳します)
 
>貴洋のホルマリン漬
(チャーミングちゃん (トーク) による版 144113 を取り消し)
 
(3人の利用者による、間の7版が非表示)
1行目: 1行目:
[[ファイル:Tor-logo-2011-flat.svg|306px|thumb|right|ロゴ]]
[[ファイル:Tor-logo-2011-flat.svg|306px|thumb|right|Logo]]
'''Tor'''(トーア)とは、インターネットの匿名化技術、およびその技術を利用したソフトウェアである。Torの歴史は古く、最初期バージョンのリリースは2002年12月20日である<ref>[http://archives.seul.org/or/dev/Sep-2002/msg00019.html pre-alpha: run an onion proxy now!]</ref>
'''Tor''' is software that uses Internet anonymization technology. Tor has a long history, with the first version released on December 20, 2002<ref>[http://archives.seul.org/or/dev/Sep-2002/msg00019.html pre-alpha: run an onion proxy now!]</ref>.
== 概要 ==
== Overview ==
クライアントからサーバーへの接続に複数のノードを経由することにより、発信元の秘匿化を実現している。また、通信内容は暗号化されているが、末端の出口ノードでは暗号化されない<ref>TLSによる暗号化は通常通り行われる</ref>。世界中のジャーナリスト、活動家、内部告発者、諜報機関、[[悪芋]]が政府の監視から逃れるために利用している。
Anonymity of the originator is achieved by passing through multiple nodes for the connection from the client to the server. The content of the communication is encrypted, but not at the exit (end) node<ref>TLS encryption is performed as usual</ref>. Journalists, activists, whistleblowers, intelligence agencies, and [[悪芋|bad potatoes]] around the world use it to escape government surveillance.


日本では、[[片山祐輔]]がパソコン遠隔操作事件で使用したことから有名になった。
In Japan, it became famous after [[片山祐輔|Katayama Yusuke]] used it in a {{wpl|パソコン遠隔操作事件|PC remote control incident}}.


また、そのロゴマークから'''「玉ねぎ」'''と称されることがある。
It is also sometimes referred to as '''onion''' (玉ねぎ, ''tamanegi'') because of its logo.
== 騒動との関係 ==
== Relation to the turmoil ==
[[開示]]されると困る場合の対策として恒心教徒に広く用いられている。[[田中一哉(サイバーアーツ法律事務所)|田中一哉]]のような、ただの誹謗中傷さえ訴えてくる危険度の高い者を相手にする場合や、法に触れる[[カラッキング]]等を働く場合は、必須のツールとして扱われている。[[唐澤貴洋のご尊顔開示事件]]で写真を[[カラケー]]に上げる際にも利用されていた。
It is widely used by Koushinists as a countermeasure against [[開示|disclosure]]. It is treated as an indispensable tool when dealing with those, such as [[田中一哉(サイバーアーツ法律事務所)|Tanaka Kazuya]], who are at high risk of suing for even mere slander, or when working with [[karacking]]s and the like, which are against the law. It was also used to upload photos to [[Karasawa_Takahiro_BBS]] in [[唐澤貴洋のご尊顔開示事件|the incident of the disclosure of Takahiro Karasawa's respectful face]].


開示されても困らない合法な活動であっても、徹底した匿名思想、趣味、{{kojien|な|生IP}}恐怖症からTorを利用する教徒もいる。
Even for legitimate activities that would not be troubled by disclosure, there are those who use Tor out of a thoroughly anonymous ideology, hobby, or {{kojien|な|raw IP}} phobia.


また、包皮民もレスが開示されるのに備えてか、カラケー荒らしに利用することがある。
[[包皮民|Anti-Kousinists]] may also use it for KTBBS trolling, perhaps in preparation for a response to be disclosed by board admin.


[[パカ弁]]として有名な[[唐澤貴洋]]は、[[若手会員が知っておくべき弁護士業務妨害対策#「インターネットを通じた業務妨害」|「インターネットを通じた業務妨害」]]に於いてTorを利用した書き込み者を特定することは困難であると述べている。なお、上記座談会の記事では『T』だけが全角文字になっており、『or』との間に不自然なスペースがあるように見えたので、恒心教徒によって『T or(ティー・オア)』などと度々揶揄されることとなった。
[[Karasawa Takahiro]], a well-known [[パカ弁|pakaben]]<ref>lawyer who specializes in disclosure of identification information of the sender in the Internet</ref>, stated that it is difficult to identify the posters who use Tor in [[若手会員が知っておくべき弁護士業務妨害対策#「インターネットを通じた業務妨害」|"obstruction of business through the Internet"]]. In the above symposium article, only the "T" was in double-byte characters (so "T"), and there seemed to be an unnatural space between the "T" and the "or", so it was often ridiculed as "T or (<code>/ti ɔr/</code>)" by the Koushinists.


== ソフトウェア ==
== Software ==
* [https://torproject.org/ Tor]
* [https://torproject.org/ Tor]
* [https://torproject.org/download/ Tor Browser]
* [https://torproject.org/download/ Tor Browser]
Torの開発元でもあるThe Tor Projectが開発しているFirefoxをベースとしたオープンソースのブラウザであり、素人でも非常に手軽に使えるだけでなく強力な匿名化方法でもあるといえる。様々な言語版があり、日本語版インストーラも用意されている<ref>{{archive|http://utaukitune.ldblog.jp/archives/65825743.html|https://archive.vn/i4dQq|歌うキツネ : Tor Browser のインストールと設定をする(Windows版)}} </ref>。Tor BrowserはかつてはTor Browser Bundle(TBB)と呼ばれていた。Tor BrowserはTorネットワークを迂回した通信を行なわないよう設定されているほか、すべてのユーザーが同じように見えるよう設定されていたり、ブラウザを閉じるとCookieや検索履歴、サイトデータなどが自動で削除されたり、サードパーティートラッカーや広告による追跡を妨げたりと匿名性を上げるための多くの工夫がされている。またFirefoxベースであるため拡張機能も使えるが、アドオンを追加することは匿名性を低下させるとして推奨されていない。なおTor Browserを使っていても他のソフトウェアが行う通信までは匿名化されないので注意するべきである。Androidのスマートフォン向けにアプリも配布されている。
It is an open source browser based on Firefox, developed by The Tor Project, which is also the developer of Tor, and is a powerful anonymization method because it is very easy to use, even for amateurs. Tor Browser used to be called Tor Browser Bundle (TBB). The Tor Browser is configured to prevent communication that bypasses the Tor network, to ensure that all users look the same, to automatically clear cookies, search history, and site data when the browser is closed, and to prevent tracking by third-party trackers and advertisements, among many other measures to increase anonymity. It is also Firefox-based, so extensions can be used, but adding add-ons is not recommended as it reduces anonymity. Note that even if you use the Tor Browser, communications made by other software are not anonymized. An application is also distributed for Android smartphones.
* [https://guardianproject.info/apps/orbot/ Orbot]
* [https://guardianproject.info/apps/orbot/ Orbot]
Androidアプリ。ほぼすべてのアプリをTor経由で通信できる。
Android Apps. Almost all apps can communicate via Tor.
* [https://guardianproject.info/apps/info.guardianproject.orfox/ Orfox]
* [https://guardianproject.info/apps/info.guardianproject.orfox/ Orfox]
Android向けTorブラウザ。Orbotと違いTorブラウザとして機能するため、他アプリをTor経由にする機能はない。
Tor Browser for Android; unlike Orbot, it functions as a Tor browser and does not have the ability to make other apps go through Tor.
* [https://onionbrowser.com/ Onion Browser]
* [https://onionbrowser.com/ Onion Browser]
IOS向けTorブラウザ。オープンソース。'''これ以外のは大体VPNモドキの詐欺アプリなので注意'''<ref>[https://blog.malwarebytes.com/cybercrime/2014/03/fake-tor-app-in-the-ios-app-store/ Fake Tor app in the iOS App Store]</ref>。
Tor browser for iOS. Open source. '''Note that most of the others are faux-VPN scam apps.'''<ref>[https://blog.malwarebytes.com/cybercrime/2014/03/fake-tor-app-in-the-ios-app-store/ Fake Tor app in the iOS App Store]</ref>。
=== OS ===
=== OS ===
* [[Tails]]
* [[Tails]]
全ての通信をTorネットワーク経由で行うOS。コンピューター上にディスクキャッシュも含めデータを残さないため、証拠が一切残らないのが特徴<ref>基本的には残さないが、暗号化された永続ストレージに保存する場合はその限りではない。</ref>。隠匿性に優れていることもあり、多くの[[悪芋]]たちに愛用されている。USBやDVDにインストールして使用するのが基本だが、[https://www.virtualbox.org/ Virtual Box]などを用いて仮想環境で実行するのも可能<ref>仮想環境で実行するのはOSの特性上、公式では推奨されていない。</ref>。
An OS that performs all communication via the Tor network. No data is left on the computer, including the disk cache, so no evidence is left behind.<ref>Basically, they are not left behind, but this is not the case if they are stored in encrypted persistent storage</ref>. It is a favorite of many [[悪芋|bad potatoes]] because of its excellent concealment. The basic method is to install the OS on a USB or DVD, but it is also possible to run it in a virtual environment using [https://www.virtualbox.org/ VirtualBox], etc.<ref>Running in a virtual environment is not officially recommended due to the nature of the OS</ref>。
* [https://www.whonix.org/ Whonix-Gateway]
* [https://www.whonix.org/ Whonix-Gateway]
[https://www.virtualbox.org/ Virtual Box]という仮想化ソフトを使用して導入する。ゲストOSの内部ネットワークとして機能し、Torを介した接続のみ許可し、DNS漏れ対策なども兼ね備えている。仮にゲストOSが[[カラッキング]]されてRoot権限を奪われても実際の生IPを明らかにすることはできない。また、ゲストOS上でVPNに接続することでVPN over Tor(PC→Tor→VPN→サーバー)も可能になる。
Install using virtualization software called [https://www.virtualbox.org/ Virtual Box]. It functions as an internal network for the guest OS, allowing connections only through Tor, and has DNS leakage protection. Even if the guest OS is [[karacking]] and Root privileges are taken away, the actual raw IP cannot be revealed. VPN over Tor (PC→Tor→VPN→Server) is also possible by connecting to a VPN on the guest OS.
* [https://www.whonix.org/ Whonix-Workstation]
* [https://www.whonix.org/ Whonix-Workstation]
Whonix-Gatewayに同封されているOS。セキュリティに特化しており、タイムスタンプ攻撃対策など様々な機能を兼ね備えたWhonix公式推奨OS。
WThe OS enclosed with Whonix-Gateway, an official Whonix recommended OS that specializes in security and combines various features such as time stamp attack countermeasures.
* [[Kicksecure]] [https://www.kicksecure.com/ (恒式ページ)]
* [[Kicksecure]] [https://www.kicksecure.com/ (Official page)]
Whonixの兄弟分のようなOS。Virtual Boxで起動、debianをKicksecureに置き換えるという2種類の導入法が用意されている。タイムスタンプ攻撃や悪意のあるアップデートを耐えるなどの堅牢性はもちろんのこと、コマンド一つでWhonixを導入できることやLiveモードで痕跡何一つ残さない隠匿性に優れているなど、挙げればキリがないほど利点があるOSである。
A sibling of Whonix, this OS offers two ways to deploy it: running in Virtual Box or replacing debian with Kicksecure. In addition to its robustness against timestamp attacks and malicious updates, this OS has many advantages, such as the ability to install Whonix with a single command, and its Live mode, which is highly hidden and leaves no traces whatsoever.
* [https://www.qubes-os.org/ Qubes OS]
* [https://www.qubes-os.org/ Qubes OS]
かの{{wpl|エドワード・スノーデン}}も使用しているというOS。{{wpl|Xen (仮想化ソフトウェア)|Xen}}という仮想化技術を用いて、アプリケーションを並列して仮想環境上で実行できるのが特徴。上記のWhonixを導入することで、Torを用いた通信を行える<ref>Virtual BoxもしくはQubes OSに導入する。</ref>
The OS that even {{wpl|en:Edward Snowden}} uses. It features the ability to run applications in parallel on a virtual environment using a virtualization technology called {{wpl|en:Xen|Xen}}. By installing the above Whonix, you can communicate using Tor.<ref>Install in Virtual Box or Qubes OS.</ref>
* [https://www.kali.org/ Kali Linux]
* [https://www.kali.org/ Kali Linux]
{{wpl|ペネトレーションテスト}}と呼ばれるコンピュータシステムへの攻撃テストを行うことを目的としたOSであり、様々な<strike>攻撃兵器</strike>ツールが搭載されている。こちらも[https://www.virtualbox.org/ Virtual Box]を使用して導入することになる。<strong>当たり前だが、第三者が運営するサイトへの攻撃に転用してはならない。</strong>
{{wpl|en:Penetration test|Penetration test}}, an operating system designed to test attacks on computer systems and equipped with various <strike>attack weapon</strike>tools. This is also to be installed using [https://www.virtualbox.org/ VirtualBox]. <strong>Naturally, it must not be diverted to attacks on sites operated by third parties.</strong>
* [[Parrot OS]]
* [[Parrot OS]]
Kali Linuxと同じくペネトレーションテストのために作られたOS。Kali Linuxと違ってTorが同梱されている<ref>Torブラウザが導入されているだけであり、全通信をTor経由にしてくれるわけではないので別途[https://github.com/ultrafunkamsterdam/AnonSurf Anonsurf]等で通信を匿名化する必要がある。</ref>。パスワードの[[カラッキング]]機能をはじめ様々な<strike>攻撃兵器</strike>ツールが搭載されているが、あくまでも自分が運営するサイトの脆弱性を確認するために使うことを目的としたOSであり、<strong>くれぐれも第三者が運営するサイトへの攻撃に転用してはならない。「Torが同封されているから攻撃への転用に最適だ」と考えることなど論外である。</strong>
Like Kali Linux, this OS is designed for penetration testing. Unlike Kali Linux, Tor is bundled<ref>The Tor browser is only installed and does not make all communications via Tor, so it is necessary to anonymize communications separately using [https://github.com/ultrafunkamsterdam/AnonSurf Anonsurf] or other means</ref>. Although it is equipped with various <strike>weapon of attack</strike> tools, including a password [[karacking]] function, it is an OS intended only for checking the vulnerability of the site you operate, and must <strong>never be diverted to attacks on sites operated by third parties</strong>. It is out of the question to think that "cuz tor is enclosed it is best suited for attack"</strong>.
* [https://blackarch.org/ BlackArch]
* [https://blackarch.org/ BlackArch]
同じくペネトレーションテスト用Arch LinuxフレーバーでネイティブTorとTor Browserが同梱されている。Kali LinuxやParrot OSがDebianをベースに採用していることに対し、こちらはArch Linuxを採用している。その為Anonsurfを動かすことはできないが、代わりに[https://github.com/Edu4rdSHL/tor-router tor-router]と呼ばれるスクリプトを走らせることによりOSの全通信をTor経由にすることが可能。tor-router本家の更新により、[https://github.com/Edu4rdSHL/tor-router/commit/290d0b1e29a13a4e1d4f109a6a31bdd1da523dc9 再起動なしで通信秘匿化を停止できるよになった(ab272cb)]。このコミットはBlackArchのリポジトリにも反映され、アルゴリズムにおける停止性を満したtor-routerを常時pacmanでインストール可能である。その他秘匿ツールの詳細は[https://blackarch.org/defensive.html こちら]を参照。
The same Arch Linux flavor for penetration testing is bundled with native Tor and Tor Browser. While Kali Linux and Parrot OS are based on Debian, this one uses Arch Linux. Therefore, it is not possible to run Anonsurf, but instead it is possible to run a script called [https://github.com/Edu4rdSHL/tor-router tor-router] to make all OS communications via Tor. The tor-router has been updated so that communication anonymising can be stopped without restarting [https://github.com/Edu4rdSHL/tor-router/commit/290d0b1e29a13a4e1d4f109a6a31bdd1da523dc9 (ab272cb)]. This commit is also reflected in the BlackArch repository, and tor-router is always available for installation with pacman, with full stopability in the algorithm. For more information on other secret tools, see [https://blackarch.org/defensive.html here].


=== 併用されるソフトウェア ===
=== Software used in conjunction ===
利便性や秘匿性の向上の為に、Torを利用するソフトウェアとよく併用されているソフトウェア。<strong>これら単体では、Torで匿名化されないものがあるので注意。</strong>
Software that is often used in conjunction with Tor-based software for improved convenience and confidentiality. <strong>Note that some of these by themselves will not be anonymized by Tor.</strong>
* [https://github.com/PHProxy/phproxy PHProxy]
* [https://github.com/PHProxy/phproxy PHProxy]
所謂Web串と呼ばれるものの1つ。これだけでも極めてお手軽にサイト側に生IPを隠匿することが可能だが、その分匿名性は落ちる。Torの後ろに経由させれば、Tor出口ノードのIPを拒否するサイトにアクセスすることが可能になる。
One of the so-called Webproxy. This alone is an extremely easy way to hide your raw IP from the site, but it also makes you less anonymous. If it is routed behind Tor, it is possible to access sites that deny the IP of the Tor exit node.
* [https://github.com/Und3rf10w/kali-anonsurf/ Anonsurf]
* [https://github.com/Und3rf10w/kali-anonsurf/ Anonsurf]
Whonixなどの仮想マシンを通さずLinuxの全通信をOS単体でTor/I2P経由にしてくれるスクリプト。公式ではKali linuxが推奨されているが、'''「Tor経由で攻撃できるからバレるわけがない」と他者への攻撃に使うのはもっての外である。'''
A script that makes all Linux communications via Tor/I2P on the OS itself, without passing through a virtual machine such as Whonix. Officially, Kali Linux is recommended, but it is not advisable to use it to attack others, saying '''i can attack via tor so there's no way ill be exposed'''.
*[https://github.com/alobbs/macchanger GNU MAC Changer]
*[https://github.com/alobbs/macchanger GNU MAC Changer]
macアドレスを偽装してくれるLinux向けソフトウェア。公共wifi等に接続する際に身バレを防ぐことができる。Tailsはデフォルトで入っているので必要ない。
Software for Linux that disguises your mac address. Prevents identity theft when connecting to public wifi, etc. Tails is included by default and is not required.
*[https://github.com/aforensics/HiddenVM HiddenVM]
*[https://github.com/aforensics/HiddenVM HiddenVM]
Tailsにインストールすることで、証拠を残さずVirtualboxを使うことができるツール。<strong>Kali linuxなどをインストールして、「証拠が残らない匿名環境でクラッキングができる」などと考えるのは論外である。</strong>
A tool that can be installed in Tails to use Virtualbox without leaving any evidence. <strong>It is out of the question to install Kali Linux, etc. and think that "cracking can be done in an anon env where no evidence is left behind".</strong>


==Torの用途==
==Uses of Tor==
本来、Torは言論の自由を守るために使われるべきものであり、犯罪行為を行う[[悪芋|悪いもの]]達はTorを利用するに値しない<ref>{{archive|1=https://www.cyberarts.tokyo/?p=167|2=https://archive.vn/G4p7G|3=Torは無敵か? - 田中一哉}}</ref>
Tor is supposed to be used to protect free speech, and the [[悪芋|bad people]] who commit criminal acts do not deserve to use Tor.<ref>{{archive|1=https://www.cyberarts.tokyo/?p=167|2=https://archive.vn/G4p7G|3=Torは無敵か? - Tanaka Kazunari}}</ref>


そのため、公式サイトからTor Browserをダウンロードするだけで誰でも手軽に使えるからといって、安易な悪用は許されない。
Therefore, just because anyone can easily use Tor Browser by simply downloading it from the official site does not mean that easy misuse is acceptable.


ましてや、パソコンに犯罪の痕跡を残さないために{{wpl|Tails (オペレーティングシステム)|Tails}}を導入する、OS全体の通信がすべてTor経由になりIP漏れが発生しない{{wpl|Whonix|lang=en}}を導入する、WhonixでTorを経由しながら攻撃ツールが多数搭載された{{wpl|Kali Linux}}を使う、プロバイダーにTorを使用していることを秘匿するためにブリッジノードを設定する、サイト側にTorからのアクセスであることを秘匿するために[https://github.com/PHProxy/phproxy PHProxy]などのWebプロキシを使用する、[https://proxifier.com/ Proxifier][https://pkgs.org/download/proxychains4 Proxychains]などのツールでラッピングを行ってプロキシを通す、ノーログの[[VPN]]を合わせて利用するなどということはあってはならない。
Even more so, install [[Tails]] to leave no criminal traces on your computer, install {{wpl|Whonix|lang=en}}, where all OS-wide communication goes through Tor and no IP leakage occurs, use {{wpl| Kali Linux}}, set up a bridge node to hide the fact that you are using Tor from the provider, use a web proxy such as [https://github.com/PHProxy/phproxy PHProxy] to hide the fact that the site is accessed from Tor. Use a web proxy, wrap with tools such as [https://proxifier.com/ Proxifier] or [https://pkgs.org/download/proxychains4 Proxychains] to pass through a proxy, or use a no-log [[VPN]] together, etc. should not happen.


当然、悪用を企む悪芋達はIPを[[セルフ開示]]する{{wpl|User Datagram Protocol|UDP}}サポートのあるサーバーを選択するべきなのであり、更に匿名性を高めるために仮想環境の導入など許されないのは自明である。
It is obvious that the bad potato who intend to abuse the system should choose a server that supports {{wpl|en:User Datagram Protocol|UDP}} to [[セルフ開示|self-disclose]] the IP address, and it is obvious that it is not allowed to introduce a virtual environment to further increase anonymity.


また、[http://taruo.net/e/ 診断くん]などで匿名環境の構築に成功しているかどうか調べたり、torrcを編集して捜査の及びにくい国のサーバーを選んだりするなど論外である。
It is also out of the question to use [http://taruo.net/e/ Shindan-Kun] to check if you have succeeded in creating an anonymous environment, or to edit torrc to select a server in a country that is less susceptible to investigation.


==Notes==
Tor itself anonymizes only the '''communication path''', and it is possible to be traced by other means than IP addresses (e.g., talking about myself)<ref>This is especially true if you were talking about yourself in a raw IP</ref>. Note that Tor currently anonymizes only communications over the TCP protocol; communications using other protocols, such as the UDP protocol<ref>Mainly used for streaming, online gaming, etc. Also used on Discord {{要出典}}</ref>, will remain as raw IP.


<nicovideo>sm30472546</nicovideo><br>
It is possible that traces of crimes committed using Tor will be found when crimes committed using raw IP are discovered and the PCs are seized by [[国セコ|police]]. ([[福山紘基|Fukuyama Hiroki]] is a prime example). There are also vulnerabilities in Tor-based software, such as those mentioned above, that could break anonymity,<ref>[[Facebook]] has been revealed to have provided the FBI with technology to exploit the Tails vulnerability {{archive|https://www.itmedia.co.jp/news/articles/2006/30/news078.html|https://archive.vn/f3LCH|Reference}}</ref> it is also important to note that if used incorrectly, anonymity can be compromised.
匿名化全般について学べる動画。 初心者はまずこれを見て基本的なことを学ぶべきだろう。


The leakage of raw IP from the UDP protocol mentioned above can be prevented by restricting UDP protocol communication. We recommend that you refer to [https://note.com/ojipon_tor/n/n033da6b007d1 here] for specific measures.


<youtube>https://www.youtube.com/watch?v=oGAh8KWs2PI</youtube><br>
Thus, just using Tor carelessly may eventually lead to painful consequences (as mentioned above, Fukuyama became a martyr because of this), so '''before using Tor or any software that uses it, you should thoroughly understand the various risks by reading the respective official documents<ref>[https://2019.www.torproject.org/docs/documentation.html.en Tor's official documentation]</ref>'''
Whonixについて解説している動画。 上のものに比べるとやや敷居が高い。
 
==注意点==
Torそれ自体が匿名化するのは'''通信経路のみ'''でありIPアドレス以外(例えば自分語りなど)から足が付く可能性はある<ref>生IPで自分語りをしていた場合は尚更である</ref>。またTorが匿名化するのは現状TCPプロトコル上の通信のみであり、UDPプロトコル<ref>主にストリーミング配信やオンラインゲーム等で使われる。Discordでも使われている。{{要出典}}</ref>等他のプロトコルを利用した通信は生IPのままとなるので注意が必要である。
 
生IPで行った犯罪が発覚し[[国セコ]]にPCが押収された際、Torを使用した犯罪の痕跡が見つかってしまうことも考えられる([[福山紘基]]はその最たる例といえる)。前述したようなTorを利用したソフトウェアにも脆弱性があり匿名性が破られてしまう可能性はあり<ref>[[Facebook]]がFBIにTailsの脆弱性を突く技術を提供していたことが明らかになっている{{archive|https://www.itmedia.co.jp/news/articles/2006/30/news078.html|https://archive.vn/f3LCH|当該記事}}</ref>、使い方を間違えればせっかくの匿名性が損なわれてしまう可能性があることにも注意が必要である。
 
上記で触れたUDPプロトコルからの生IPの流出はUDPプロトコルの通信を制限することで防ぐことが可能だ 具体的な手段は[https://note.com/ojipon_tor/n/n033da6b007d1 ここ]を参照することをお勧めする。
 
このように、Torをただ漫然と使っているといずれ痛い目を見ることになる可能性がある(前述のように福山はこれが原因で殉教することとなった)ので'''Torやそれを利用したソフトウェアを使う前にそれぞれの公式ドキュメント<ref>[https://2019.www.torproject.org/docs/documentation.html.en Torの公式ドキュメント]</ref>を読むなどして様々なリスクをしっかり把握するべきである。'''


==torrc==
==torrc==
[[ファイル:サイバー犯罪条約加盟国.png|200px|right|thumb|{{wpl|サイバー犯罪条約}}加盟国]]
[[ファイル:サイバー犯罪条約加盟国.png|200px|right|thumb|member of {{wpl|Convention on Cybercrime|lang=en}}]]
torrcとはTorブラウザに含まれるファイルでありこれを設定することで、経由するノードを指定することができる。[[悪芋]]ノードを避けたり<ref>[https://wired.jp/2007/09/13/%E5%8C%BF%E5%90%8D%E5%8C%96%E3%83%84%E3%83%BC%E3%83%AB%E3%80%8Etor%E3%80%8F%E3%81%AE%E8%90%BD%E3%81%A8%E3%81%97%E7%A9%B4%E2%80%95%E2%80%95%E5%A4%A7%E4%BD%BF%E9%A4%A8%E7%AD%89%E3%81%AE%E9%80%9A/ 匿名化ツール『Tor』の落とし穴(1) - 大使館等の通信傍受に成功]</ref>、ログ保有期間が短い国を経由するノードに設定することで[[開示]]リスクを避け、匿名性を高めることも可能である。
torrc is a file included in the Tor Browser that can be configured to specify nodes to be passed through. It is also possible to avoid [[開示|disclosure]] risks and increase anonymity by avoiding bad nodes<ref>[https://wired.jp/2007/09/13/%E5%8C%BF%E5%90%8D%E5%8C%96%E3%83%84%E3%83%BC%E3%83%AB%E3%80%8Etor%E3%80%8F%E3%81%AE%E8%90%BD%E3%81%A8%E3%81%97%E7%A9%B4%E2%80%95%E2%80%95%E5%A4%A7%E4%BD%BF%E9%A4%A8%E7%AD%89%E3%81%AE%E9%80%9A/ 匿名化ツール『Tor』の落とし穴(1) - 大使館等の通信傍受に成功]</ref> or setting nodes through countries with short log holding periods.


tailsの場合は<code>/etc/tor/torrc</code> Whonix-Gatewayの場合は <code>/usr/local/etc/torrc.d/50_user.conf</code> Browserの場合は<code>tor-browser_ja-JP/Browser/TorBrowser/Data/Tor/torrc</code> 上にあるファイルをテキストエディタ等で編集して設定する。
Tails: <code>/etc/tor/torrc</code> Whonix-Gateway: <code>/usr/local/etc/torrc.d/50_user.conf</code> Browser: <code>tor-browser_ja-JP/Browser/TorBrowser/Data/Tor/torrc</code> Edit the file above with a text editor, etc. to set up the file.


以下、記述例である。他のオプションは[https://2019.www.torproject.org/docs/tor-manual.html.en Tor project]を参照。また、設定には[http://www.kc.tsukuba.ac.jp/ulismeta/metadata/standard/cntry_code.html 国名コード]を使用する<ref>国コードを {}で囲うことで設定できる</ref>。なお、国名不明なサーバーを記述する場合は{??}と記す。
Below is an example description. For other options, see [https://2019.www.torproject.org/docs/tor-manual.html.en Tor project]. Also, use [http://www.kc.tsukuba.ac.jp/ulismeta/metadata/standard/cntry_code.html country code]<ref>Country code can be set by enclosing it in {}</ref>. If you are describing a server with an unknown country code, use {??}.
  NumEntryGuards 5 #UseEntryGuardsが1に設定されている場合、EntryNodesの候補の数を5にする。5の部分を変更しても経由するノード数は変化しない。
  NumEntryGuards 5 #If UseEntryGuards is set to 1, the number of candidate EntryNodes is set to 5. Changing the 5 part does not change the number of nodes to go through.
  ExcludeNodes SlowServer,{jp},{gb},{us},{ca},{au},{nz},{de} #指定したノードを経由しないようにする。
  ExcludeNodes SlowServer,{jp},{gb},{us},{ca},{au},{nz},{de} #Do not go through the specified node.
  ExcludeExitNodes {bg},{cz},{fi},{hu},{ie},{lv},{lt},{lu},{nl},{ro},{es},{se},{ch},{ru},{hk},{il} #指定したノードをExitノードに設定しない
  ExcludeExitNodes {bg},{cz},{fi},{hu},{ie},{lv},{lt},{lu},{nl},{ro},{es},{se},{ch},{ru},{hk},{il} #Do not set the specified node as Exit node
  StrictNodes 1 #Excludeの設定を厳守するかしないか。0に設定するとたまに設定を破る。
  StrictNodes 1 #Strictly set Exclude or not; setting it to 0 sometimes breaks the setting.
ExcludeNodesを設定しすぎることで、'''逆に経由するノードの数が限られてしまいランダム性が損なわれ匿名性を落とす'''ので注意。
Note that setting too many ExcludeNodes will ''''conversely limit the number of nodes to be passed through, which will reduce randomness and anonymity'''.


==脚注==
==References==
<references />
<references />
==関連項目==
==See also==
*[[0Chiaki]]
*[[0Chiaki]]
*[[VPN]]
*[[VPN]]
*[[ダークウェブ]]
*[[ダークウェブ|Dark web]]
*[[Onionちゃんねる]]
*[[Onionちゃんねる|Onion channel]]
*[[恒辞苑:な行#生IP|生IP]]
*[[恒辞苑:な行#生IP|rawIP]]
*[[Tails]]
*[[Tails]]
*[[悪芋]]
*[[悪芋|Bad potato]]


== 外部リンク ==
==External links==
*[https://www.torproject.org/ 公式サイト]
*[https://www.torproject.org/ Official sites]
*{{wpl|Tor}}([[Wikipedia]]記事)
*{{wpl|Tor|lang=en}}([[Wikipedia]]
*{{twitterlink|NumberID=18466967|ID=torproject}}
*{{twitterlink|NumberID=18466967|ID=torproject}}
*[http://www62.atwiki.jp/sec4orpheus/pages/8.html Sec4Orpheus] - プライバシー防衛術をまとめたサイト
*[http://www62.atwiki.jp/sec4orpheus/pages/8.html Sec4Orpheus] - A website that summarizes privacy defense techniques
*[https://wiki.archlinux.jp/index.php/Tor ArchWiki]
*[https://wiki.archlinux.jp/index.php/Tor ArchWiki]
*[https://www.whonix.org/wiki/Main_Page Whonix Wiki]
*[https://www.whonix.org/wiki/Main_Page Whonix Wiki]
*[https://note.com/casval0115/n/n8c18fd680ae3 Whonixを構築してVPNを使ってみる] - 当Wikiの副管理者である[[島田「にかい」]]によるnote。
{{GoToEnglish|ja=Tor}}
*{{archive|http://nanjteppeki.web.fc2.com/|https://archive.vn/QwNE1|なんJ鉄壁4点セット}} - かつてよく引用されていた。しかしVPNについての情報が乏しい時代のものであり、間に筑波VPNを挟む危険性やUbuntuが重いOSであることを考えると今日では推奨できない。
== 関連項目 ==
{{匿名化技術}}
{{匿名化技術}}
{{恒心教徒}}
{{恒心教徒}}
{{デフォルトソート:とおあ}}
{{デフォルトソート:Tor}}
[[カテゴリ:匿名化]]
[[カテゴリ:匿名化]]
[[カテゴリ:English]]
{{広告}}
{{広告}}

2024年5月21日 (火) 10:53時点における最新版

Tor is software that uses Internet anonymization technology. Tor has a long history, with the first version released on December 20, 2002[1].

Overview

Anonymity of the originator is achieved by passing through multiple nodes for the connection from the client to the server. The content of the communication is encrypted, but not at the exit (end) node[2]. Journalists, activists, whistleblowers, intelligence agencies, and bad potatoes around the world use it to escape government surveillance.

In Japan, it became famous after Katayama Yusuke used it in a PC remote control incident.

It is also sometimes referred to as onion (玉ねぎ, tamanegi) because of its logo.

Relation to the turmoil

It is widely used by Koushinists as a countermeasure against disclosure. It is treated as an indispensable tool when dealing with those, such as Tanaka Kazuya, who are at high risk of suing for even mere slander, or when working with karackings and the like, which are against the law. It was also used to upload photos to Karasawa_Takahiro_BBS in the incident of the disclosure of Takahiro Karasawa's respectful face.

Even for legitimate activities that would not be troubled by disclosure, there are those who use Tor out of a thoroughly anonymous ideology, hobby, or raw IP phobia.

Anti-Kousinists may also use it for KTBBS trolling, perhaps in preparation for a response to be disclosed by board admin.

Karasawa Takahiro, a well-known pakaben[3], stated that it is difficult to identify the posters who use Tor in "obstruction of business through the Internet". In the above symposium article, only the "T" was in double-byte characters (so "T"), and there seemed to be an unnatural space between the "T" and the "or", so it was often ridiculed as "T or (/ti ɔr/)" by the Koushinists.

Software

It is an open source browser based on Firefox, developed by The Tor Project, which is also the developer of Tor, and is a powerful anonymization method because it is very easy to use, even for amateurs. Tor Browser used to be called Tor Browser Bundle (TBB). The Tor Browser is configured to prevent communication that bypasses the Tor network, to ensure that all users look the same, to automatically clear cookies, search history, and site data when the browser is closed, and to prevent tracking by third-party trackers and advertisements, among many other measures to increase anonymity. It is also Firefox-based, so extensions can be used, but adding add-ons is not recommended as it reduces anonymity. Note that even if you use the Tor Browser, communications made by other software are not anonymized. An application is also distributed for Android smartphones.

Android Apps. Almost all apps can communicate via Tor.

Tor Browser for Android; unlike Orbot, it functions as a Tor browser and does not have the ability to make other apps go through Tor.

Tor browser for iOS. Open source. Note that most of the others are faux-VPN scam apps.[4]

OS

An OS that performs all communication via the Tor network. No data is left on the computer, including the disk cache, so no evidence is left behind.[5]. It is a favorite of many bad potatoes because of its excellent concealment. The basic method is to install the OS on a USB or DVD, but it is also possible to run it in a virtual environment using VirtualBox, etc.[6]

Install using virtualization software called Virtual Box. It functions as an internal network for the guest OS, allowing connections only through Tor, and has DNS leakage protection. Even if the guest OS is karacking and Root privileges are taken away, the actual raw IP cannot be revealed. VPN over Tor (PC→Tor→VPN→Server) is also possible by connecting to a VPN on the guest OS.

WThe OS enclosed with Whonix-Gateway, an official Whonix recommended OS that specializes in security and combines various features such as time stamp attack countermeasures.

A sibling of Whonix, this OS offers two ways to deploy it: running in Virtual Box or replacing debian with Kicksecure. In addition to its robustness against timestamp attacks and malicious updates, this OS has many advantages, such as the ability to install Whonix with a single command, and its Live mode, which is highly hidden and leaves no traces whatsoever.

The OS that even en:Edward Snowden uses. It features the ability to run applications in parallel on a virtual environment using a virtualization technology called Xen. By installing the above Whonix, you can communicate using Tor.[7]

Penetration test, an operating system designed to test attacks on computer systems and equipped with various attack weapontools. This is also to be installed using VirtualBox. Naturally, it must not be diverted to attacks on sites operated by third parties.

Like Kali Linux, this OS is designed for penetration testing. Unlike Kali Linux, Tor is bundled[8]. Although it is equipped with various weapon of attack tools, including a password karacking function, it is an OS intended only for checking the vulnerability of the site you operate, and must never be diverted to attacks on sites operated by third parties. It is out of the question to think that "cuz tor is enclosed it is best suited for attack".

The same Arch Linux flavor for penetration testing is bundled with native Tor and Tor Browser. While Kali Linux and Parrot OS are based on Debian, this one uses Arch Linux. Therefore, it is not possible to run Anonsurf, but instead it is possible to run a script called tor-router to make all OS communications via Tor. The tor-router has been updated so that communication anonymising can be stopped without restarting (ab272cb). This commit is also reflected in the BlackArch repository, and tor-router is always available for installation with pacman, with full stopability in the algorithm. For more information on other secret tools, see here.

Software used in conjunction

Software that is often used in conjunction with Tor-based software for improved convenience and confidentiality. Note that some of these by themselves will not be anonymized by Tor.

One of the so-called Webproxy. This alone is an extremely easy way to hide your raw IP from the site, but it also makes you less anonymous. If it is routed behind Tor, it is possible to access sites that deny the IP of the Tor exit node.

A script that makes all Linux communications via Tor/I2P on the OS itself, without passing through a virtual machine such as Whonix. Officially, Kali Linux is recommended, but it is not advisable to use it to attack others, saying i can attack via tor so there's no way ill be exposed.

Software for Linux that disguises your mac address. Prevents identity theft when connecting to public wifi, etc. Tails is included by default and is not required.

A tool that can be installed in Tails to use Virtualbox without leaving any evidence. It is out of the question to install Kali Linux, etc. and think that "cracking can be done in an anon env where no evidence is left behind".

Uses of Tor

Tor is supposed to be used to protect free speech, and the bad people who commit criminal acts do not deserve to use Tor.[9]

Therefore, just because anyone can easily use Tor Browser by simply downloading it from the official site does not mean that easy misuse is acceptable.

Even more so, install Tails to leave no criminal traces on your computer, install Whonix, where all OS-wide communication goes through Tor and no IP leakage occurs, use Kali Linux, set up a bridge node to hide the fact that you are using Tor from the provider, use a web proxy such as PHProxy to hide the fact that the site is accessed from Tor. Use a web proxy, wrap with tools such as Proxifier or Proxychains to pass through a proxy, or use a no-log VPN together, etc. should not happen.

It is obvious that the bad potato who intend to abuse the system should choose a server that supports UDP to self-disclose the IP address, and it is obvious that it is not allowed to introduce a virtual environment to further increase anonymity.

It is also out of the question to use Shindan-Kun to check if you have succeeded in creating an anonymous environment, or to edit torrc to select a server in a country that is less susceptible to investigation.

Notes

Tor itself anonymizes only the communication path, and it is possible to be traced by other means than IP addresses (e.g., talking about myself)[10]. Note that Tor currently anonymizes only communications over the TCP protocol; communications using other protocols, such as the UDP protocol[11], will remain as raw IP.

It is possible that traces of crimes committed using Tor will be found when crimes committed using raw IP are discovered and the PCs are seized by police. (Fukuyama Hiroki is a prime example). There are also vulnerabilities in Tor-based software, such as those mentioned above, that could break anonymity,[12] it is also important to note that if used incorrectly, anonymity can be compromised.

The leakage of raw IP from the UDP protocol mentioned above can be prevented by restricting UDP protocol communication. We recommend that you refer to here for specific measures.

Thus, just using Tor carelessly may eventually lead to painful consequences (as mentioned above, Fukuyama became a martyr because of this), so before using Tor or any software that uses it, you should thoroughly understand the various risks by reading the respective official documents[13]

torrc

torrc is a file included in the Tor Browser that can be configured to specify nodes to be passed through. It is also possible to avoid disclosure risks and increase anonymity by avoiding bad nodes[14] or setting nodes through countries with short log holding periods.

Tails: /etc/tor/torrc Whonix-Gateway: /usr/local/etc/torrc.d/50_user.conf Browser: tor-browser_ja-JP/Browser/TorBrowser/Data/Tor/torrc Edit the file above with a text editor, etc. to set up the file.

Below is an example description. For other options, see Tor project. Also, use country code[15]. If you are describing a server with an unknown country code, use {??}.

NumEntryGuards 5 #If UseEntryGuards is set to 1, the number of candidate EntryNodes is set to 5. Changing the 5 part does not change the number of nodes to go through.
ExcludeNodes SlowServer,{jp},{gb},{us},{ca},{au},{nz},{de} #Do not go through the specified node.
ExcludeExitNodes {bg},{cz},{fi},{hu},{ie},{lv},{lt},{lu},{nl},{ro},{es},{se},{ch},{ru},{hk},{il} #Do not set the specified node as Exit node
StrictNodes 1 #Strictly set Exclude or not; setting it to 0 sometimes breaks the setting.

Note that setting too many ExcludeNodes will 'conversely limit the number of nodes to be passed through, which will reduce randomness and anonymity.

References

  1. pre-alpha: run an onion proxy now!
  2. TLS encryption is performed as usual
  3. lawyer who specializes in disclosure of identification information of the sender in the Internet
  4. Fake Tor app in the iOS App Store
  5. Basically, they are not left behind, but this is not the case if they are stored in encrypted persistent storage
  6. Running in a virtual environment is not officially recommended due to the nature of the OS
  7. Install in Virtual Box or Qubes OS.
  8. The Tor browser is only installed and does not make all communications via Tor, so it is necessary to anonymize communications separately using Anonsurf or other means
  9. Torは無敵か? - Tanaka Kazunari(魚拓)
  10. This is especially true if you were talking about yourself in a raw IP
  11. Mainly used for streaming, online gaming, etc. Also used on Discord [要出典]
  12. Facebook has been revealed to have provided the FBI with technology to exploit the Tails vulnerability Reference(魚拓)
  13. Tor's official documentation
  14. 匿名化ツール『Tor』の落とし穴(1) - 大使館等の通信傍受に成功
  15. Country code can be set by enclosing it in {}

See also

External links

翻訳路線
Translation Line
匿名化技術
ツール AnonFiles - Session - Tor - VPN
OS GrapheneOS - Kicksecure - Parrot OS - Tails
用語 IPアドレス - 開示 - 仮想通貨 - ダークウェブ - DMCA - 生IP - 悪芋
webサイト 炎上総合Wiki - Onionちゃんねる - Kind World - 唐澤貴洋掲示板 - 唐澤貴洋殺す掲示板 - 恒心教サイバー部 - 防弾ホスティング - ヤッバイおっぱい掲示板
攻撃手法・事件 engage路線 - 贈り物路線 - お問い合わせ路線 - 片平騒動 - カラッキング(アットキャドカラッキング事件 - 国立感染症研究所カラッキング事件 - GMOカラッキング事件 - TVerカラッキング事件 - 新潟県警カラッキング事件) - カランサムウェア - Kindle路線 - 同時爆破予告事件 - 2ちゃんねる個人情報流出事件 -犯行予告 - 爆破予告 - 兵庫県警ブラクラ摘発事件 - モンストまとめ殺害予告事件
関連人物 安藤良太 - 小津晶 - 面白い愛の戦士 - 片山祐輔 - 恒心教 広報省 - さっしーえっち - 杉浦隆幸 - 0Chiaki - ダブルぬるぽ - ドナルドⅡ世 - ねそにゃ - 福山紘基 - 三上洋
企業等 サイバー犯罪対策課 - スプラウト - Novogara - Privex - 八雲セキュリティコンサルティング株式会社