Tor/en

Logo

Tor is software that uses Internet anonymization technology. Tor has a long history, with the first version released on December 20, 2002^[1].

Overview

Anonymity of the originator is achieved by passing through multiple nodes for the connection from the client to the server. The content of the communication is encrypted, but not at the exit (end) node^[2]. Journalists, activists, whistleblowers, intelligence agencies, and bad potatoes around the world use it to escape government surveillance.

In Japan, it became famous after Katayama Yusuke used it in a PC remote control incident.

It is also sometimes referred to as onion (玉ねぎ, tamanegi) because of its logo.

Relation to the turmoil

It is widely used by Koushinists as a countermeasure against disclosure. It is treated as an indispensable tool when dealing with those, such as Tanaka Kazuya, who are at high risk of suing for even mere slander, or when working with karackings and the like, which are against the law. It was also used to upload photos to Karasawa_Takahiro_BBS in the incident of the disclosure of Takahiro Karasawa's respectful face.

Even for legitimate activities that would not be troubled by disclosure, there are those who use Tor out of a thoroughly anonymous ideology, hobby, or raw IP phobia.

Anti-Kousinists may also use it for KTBBS trolling, perhaps in preparation for a response to be disclosed by board admin.

Karasawa Takahiro, a well-known pakaben^[3], stated that it is difficult to identify the posters who use Ｔor in "obstruction of business through the Internet". In the above symposium article, only the "T" was in double-byte characters (so "Ｔ"), and there seemed to be an unnatural space between the "T" and the "or", so it was often ridiculed as "T or (/ti ɔr/)" by the Koushinists.

Software

• Tor
• Tor Browser

It is an open source browser based on Firefox, developed by The Tor Project, which is also the developer of Tor, and is a powerful anonymization method because it is very easy to use, even for amateurs. Tor Browser used to be called Tor Browser Bundle (TBB). The Tor Browser is configured to prevent communication that bypasses the Tor network, to ensure that all users look the same, to automatically clear cookies, search history, and site data when the browser is closed, and to prevent tracking by third-party trackers and advertisements, among many other measures to increase anonymity. It is also Firefox-based, so extensions can be used, but adding add-ons is not recommended as it reduces anonymity. Note that even if you use the Tor Browser, communications made by other software are not anonymized. An application is also distributed for Android smartphones.

• Orbot

Android Apps. Almost all apps can communicate via Tor.

• Orfox

Tor Browser for Android; unlike Orbot, it functions as a Tor browser and does not have the ability to make other apps go through Tor.

• Onion Browser

Tor browser for iOS. Open source. Note that most of the others are faux-VPN scam apps.^[4]。

OS

• Tails

An OS that performs all communication via the Tor network. No data is left on the computer, including the disk cache, so no evidence is left behind.^[5]. It is a favorite of many bad potatoes because of its excellent concealment. The basic method is to install the OS on a USB or DVD, but it is also possible to run it in a virtual environment using VirtualBox, etc.^[6]。

• Whonix-Gateway

Install using virtualization software called Virtual Box. It functions as an internal network for the guest OS, allowing connections only through Tor, and has DNS leakage protection. Even if the guest OS is karacking and Root privileges are taken away, the actual raw IP cannot be revealed. VPN over Tor (PC→Tor→VPN→Server) is also possible by connecting to a VPN on the guest OS.

• Whonix-Workstation

WThe OS enclosed with Whonix-Gateway, an official Whonix recommended OS that specializes in security and combines various features such as time stamp attack countermeasures.

• Kicksecure (Official page)

A sibling of Whonix, this OS offers two ways to deploy it: running in Virtual Box or replacing debian with Kicksecure. In addition to its robustness against timestamp attacks and malicious updates, this OS has many advantages, such as the ability to install Whonix with a single command, and its Live mode, which is highly hidden and leaves no traces whatsoever.

• Qubes OS

The OS that even en:Edward Snowden uses. It features the ability to run applications in parallel on a virtual environment using a virtualization technology called Xen. By installing the above Whonix, you can communicate using Tor.^[7]

• Kali Linux

Penetration test, an operating system designed to test attacks on computer systems and equipped with various attack weapontools. This is also to be installed using VirtualBox. Naturally, it must not be diverted to attacks on sites operated by third parties.

• Parrot OS

Like Kali Linux, this OS is designed for penetration testing. Unlike Kali Linux, Tor is bundled^[8]. Although it is equipped with various weapon of attack tools, including a password karacking function, it is an OS intended only for checking the vulnerability of the site you operate, and must never be diverted to attacks on sites operated by third parties. It is out of the question to think that "cuz tor is enclosed it is best suited for attack".

• BlackArch

The same Arch Linux flavor for penetration testing is bundled with native Tor and Tor Browser. While Kali Linux and Parrot OS are based on Debian, this one uses Arch Linux. Therefore, it is not possible to run Anonsurf, but instead it is possible to run a script called tor-router to make all OS communications via Tor. The tor-router has been updated so that communication anonymising can be stopped without restarting (ab272cb). This commit is also reflected in the BlackArch repository, and tor-router is always available for installation with pacman, with full stopability in the algorithm. For more information on other secret tools, see here.

Software used in conjunction

Software that is often used in conjunction with Tor-based software for improved convenience and confidentiality. Note that some of these by themselves will not be anonymized by Tor.

• PHProxy

One of the so-called Webproxy. This alone is an extremely easy way to hide your raw IP from the site, but it also makes you less anonymous. If it is routed behind Tor, it is possible to access sites that deny the IP of the Tor exit node.

• Anonsurf

A script that makes all Linux communications via Tor/I2P on the OS itself, without passing through a virtual machine such as Whonix. Officially, Kali Linux is recommended, but it is not advisable to use it to attack others, saying i can attack via tor so there's no way ill be exposed.

• GNU MAC Changer

Software for Linux that disguises your mac address. Prevents identity theft when connecting to public wifi, etc. Tails is included by default and is not required.

• HiddenVM

A tool that can be installed in Tails to use Virtualbox without leaving any evidence. It is out of the question to install Kali Linux, etc. and think that "cracking can be done in an anon env where no evidence is left behind".

Uses of Tor

Tor is supposed to be used to protect free speech, and the bad people who commit criminal acts do not deserve to use Tor.^[9]

Therefore, just because anyone can easily use Tor Browser by simply downloading it from the official site does not mean that easy misuse is acceptable.

Even more so, install Tails to leave no criminal traces on your computer, install Whonix, where all OS-wide communication goes through Tor and no IP leakage occurs, use Kali Linux, set up a bridge node to hide the fact that you are using Tor from the provider, use a web proxy such as PHProxy to hide the fact that the site is accessed from Tor. Use a web proxy, wrap with tools such as Proxifier or Proxychains to pass through a proxy, or use a no-log VPN together, etc. should not happen.

当然、悪用を企む悪芋達はIPをセルフ開示するUDPサポートのあるサーバーを選択するべきなのであり、更に匿名性を高めるために仮想環境の導入など許されないのは自明である。 It is obvious that the bad potato who intend to abuse the system should choose a server that supports UDP to self-disclose the IP address, and it is obvious that it is not allowed to introduce a virtual environment to further increase anonymity.

It is also out of the question to use Shindan-Kun to check if you have succeeded in creating an anonymous environment, or to edit torrc to select a server in a country that is less susceptible to investigation.

注意点

Torそれ自体が匿名化するのは通信経路のみでありIPアドレス以外(例えば自分語りなど)から足が付く可能性はある^[10]。またTorが匿名化するのは現状TCPプロトコル上の通信のみであり、UDPプロトコル^[11]等他のプロトコルを利用した通信は生IPのままとなるので注意が必要である。

生IPで行った犯罪が発覚し国セコにPCが押収された際、Torを使用した犯罪の痕跡が見つかってしまうことも考えられる(福山紘基はその最たる例といえる)。前述したようなTorを利用したソフトウェアにも脆弱性があり匿名性が破られてしまう可能性はあり^[12]、使い方を間違えればせっかくの匿名性が損なわれてしまう可能性があることにも注意が必要である。

上記で触れたUDPプロトコルからの生IPの流出はUDPプロトコルの通信を制限することで防ぐことが可能だ 具体的な手段はここを参照することをお勧めする。

このように、Torをただ漫然と使っているといずれ痛い目を見ることになる可能性がある（前述のように福山はこれが原因で殉教することとなった）のでTorやそれを利用したソフトウェアを使う前にそれぞれの公式ドキュメント^[13]を読むなどして様々なリスクをしっかり把握するべきである。

torrc

サイバー犯罪条約加盟国

torrcとはTorブラウザに含まれるファイルでありこれを設定することで、経由するノードを指定することができる。悪芋ノードを避けたり^[14]、ログ保有期間が短い国を経由するノードに設定することで開示リスクを避け、匿名性を高めることも可能である。

tailsの場合は/etc/tor/torrc Whonix-Gatewayの場合は /usr/local/etc/torrc.d/50_user.conf Browserの場合はtor-browser_ja-JP/Browser/TorBrowser/Data/Tor/torrc 上にあるファイルをテキストエディタ等で編集して設定する。

以下、記述例である。他のオプションはTor projectを参照。また、設定には国名コードを使用する^[15]。なお、国名不明なサーバーを記述する場合は{??}と記す。

NumEntryGuards 5 #UseEntryGuardsが1に設定されている場合、EntryNodesの候補の数を5にする。5の部分を変更しても経由するノード数は変化しない。
ExcludeNodes SlowServer,{jp},{gb},{us},{ca},{au},{nz},{de} #指定したノードを経由しないようにする。
ExcludeExitNodes {bg},{cz},{fi},{hu},{ie},{lv},{lt},{lu},{nl},{ro},{es},{se},{ch},{ru},{hk},{il} #指定したノードをExitノードに設定しない
StrictNodes 1 #Excludeの設定を厳守するかしないか。0に設定するとたまに設定を破る。

ExcludeNodesを設定しすぎることで、逆に経由するノードの数が限られてしまいランダム性が損なわれ匿名性を落とすので注意。

脚注

関連項目

• 0Chiaki
• VPN
• ダークウェブ
• Onionちゃんねる
• 生IP
• Tails
• 悪芋

外部リンク

• 公式サイト
• Tor（Wikipedia記事）
• Twitter:@torproject
• Sec4Orpheus - プライバシー防衛術をまとめたサイト
• ArchWiki
• Whonix Wiki
• Whonixを構築してVPNを使ってみる - 当Wikiの副管理者である島田「にかい」によるnote。
• なんJ鉄壁4点セット(魚拓) - かつてよく引用されていた。しかしVPNについての情報が乏しい時代のものであり、間に筑波VPNを挟む危険性やUbuntuが重いOSであることを考えると今日では推奨できない。

関連項目