So let's talk about anonymity online: protecting your privacy, defending yourselves against network surveillance and traffic analysis. This is a big issue. This is how there's lots of government tracking in some countries outside the US. It's a very, very serious problem, and recently China announced that they're going to be only allowing certified VPNs, which makes China kind of interesting in that the government is actively taking part in stopping people from trying to anonymize themselves.

Now, the internet was not designed for anonymity. Your IP address, provided to you by whoever provides you internet, is a way to track you. It is a way to understand who you are, and in court cases it is a way that they often subpoena the ISP and say, "Who paid for this IP address on this day?" And that's how they start finding out who you are. Now, especially for these online activists in other countries, especially as we've seen with the Arab Spring, this was a big problem because the government was the ISP. So it kind of cuts out the middleman, and they were able to find people who were protesting online and speaking out against the government, where freedom of speech is not really... that is not really good over there.

So let's look at Tor and HTTPS. What can they see? So right now your ISP can see all of these things when you go to a site. This is off the EFF. I just really like this little interactive system.
They have here: so site, username, password, data. That is if you're doing nothing. And HTTPS, which is the secure layer: so let's turn this on, because most sites are using the secure layer now. But at the ISP level they still know your IP address. They know who you are and they know what websites you went to, they know what websites you visited, they know when you logged in.

What the Tor system does is, you go through here, you jump. Now, they do know you're going to Tor, so they can go, "They went to Tor." But that's all they end up knowing with the Tor system. So it kind of anonymizes your IP, and we'll get into a little bit of how that works. So you go here, you're now secured, so they can only see Tor. They see the ISP, they see system in, can see that you're just using Tor, which means they cannot visibly go into that traffic.

Now, the way the Tor relay system works, I won't get too in-depth on it, but it's really a clever system that bounces it around through different computers and different networks that are all running what they call Tor relay nodes. And from there, they get to the ISP on the other side, and they can see who's logging in, but you come out of this anonymized network. So this area right here disconnects you from your ISP. They know you went to Tor; lots of people go to Tor, though. They know you came out of Tor; lots of people are coming out of Tor nodes. So that is the way you disambiguate yourself from your direct IP address. That's the gist of the Tor project.

Now, how does it actually work and how does it function? Let's talk about that real quick. So what these are is, because I'm my own ISP, so to speak, I can look at all the data flows and see all the things that my computer's leaking data. This is me watching from my router what's going on on my network.
It sees that I was at Twitter, EFF, Facebook, LinkedIn, Facebook chat, all these different things that I had pulled up. And this is kind of what your ISP can see. They can just see everything you're doing, and they can't see inside the traffic. That's why they refer to this as metadata. They're looking at the sites you visited. They don't know what you typed in that site. They know what time you visited that site, though. They can't see inside the traffic itself directly, but it still gives them a lot of visibility and, you know, gives them an idea maybe of what you're doing. So they have all this traffic information.

This is another computer I have set up running Tor. Now you can see it's going to these crazy sites, and because this is a Windows computer running Tor and it has a Google update around it, it does see Google. The rest of it sees crazy numbered sites, which are the Tor nodes it connects to. That's kind of where it stops. Once the traffic goes into the Tor node, it doesn't leak out any other data.
It really filters everything, so your ISP, all they know is they went to Tor. That's the only answer they really have. And if you're doing this from a coffee shop or any other place with public Wi-Fi, you are just one data stream going to Tor. There's not much visibility into what you're actually doing on your computer.

Now, it doesn't mean there aren't other ways for them to figure out who you are, and mistakes have often been made. This is often what led to the capture of people using Tor, and how they got busted was they used Tor most of the time. They felt secure, then a couple of times they didn't use Tor but then went and logged in to the same site and disambiguated themselves. Other times they've leaked information and talked in channels and said, "Oh yeah, I did this and did this," and just by the act of doing those things and talking about their personal history, they leaked enough information for them to start understanding who they were.

Now, all that aside, I'm not going to get deep on that. I'm just talking about how easy it is to download Tor. So you download Tor, and it runs on Mac, Windows or Linux. There are different ways to configure Tor, but the easiest way is this right here. You just get the Tor Browser Bundle, and I've already got it set up in Windows, or got it downloaded in Windows. So let's show you that first, because, as I've mentioned, a lot of people are using Windows, but I'll show you it in Linux after I show it in Windows here. Select the language.
Okay, install. How do you... install to the desktop. It installs really fast, and we're gonna hit finish and run the Tor Browser. Now, the Tor Browser Bundle is a customized version of Firefox, and we're gonna go ahead and tell it to connect. It is just rebuilding those circuits into Tor, and right now it says you can open the security settings in here. We're gonna leave things at default, because there are sites that try to figure out who you really are.

So what we're gonna do here is look up what the IP address is inside this Tor Browser. What it's prompting me is GeoIP is trying to run an HTML5... I'm gonna say "not now" for this site, and what that does is it will kind of try to de-anonymize you. It may have some other information, it may leak directly out of the computer, because the computer itself has an IP address that's real and it has the Tor IP address, which is filtered through this. So the IP address now is 109.163.234.4, coming out of Romania.

Now, Tor exit nodes are public knowledge. So a lot of sites do know that these are Tor exit nodes, because they're run by people, and the way the Tor system works relies on a certain amount of funding to keep these exit nodes alive. This is actually a government-funded project, which is kind of interesting, but there are a few theories on that: the government themselves need to be anonymous, so they have a government-funded program to make things anonymous, and the only way you can truly be anonymous is if it's open to the people and the people use it. If not, if it was something only the government used, we would know all traffic coming out of every external was always government traffic. So it's kind of a weird... and that's the theory behind it. This is just a theory as to why the government's funding it, but they did, specifically the naval is funded, and there are some slides that Snowden has done on the NSA and how they're trying to attack Tor, what they've been able to do, what they can't do, and it's really interesting. I may do an
entire talk just on some of the details behind the Tor project.

So this is a Romanian IP address, and we're gonna look up "what's my IP" over here. And as you can see, it's United States. It doesn't actually say this by nori. No, we... I'm on Comcast, so it's a Comcast IP address. They didn't fill in all that detail here, but it does have my longitude and longitude, which kind of matches about where my office is. I believe I can probably put that in there, but clearly this one says I'm in Romania. So that's a lot more detailed information. You know, it's like, okay, am I in Romania or in the US? This is what Tor does: it hides your IP address.

Now, when you're doing that, you may find some of the exit nodes blocked. So right here you can see new identity or new Tor circuit for the same site. So it's saying this browser, it goes into a service in the Netherlands, bounces to Switzerland, bounces to Romania and comes back on the internet. So what it's done is hide me from there. Now, I can see the circuits I'm jumping through; they can't see all the circuits back that I'm jumping through. And I'm not even seeing all of the circuits and all the obfuscation going on.

But one of the things that does happen, and I'll probably get an error when I go to this: some sites may be blocked, and Tor also, through its method of obfuscation, is slowing things down a little bit. You'll also notice that by default Google figures out I'm in Romania, so they start putting it in that language. Websites that use GeoIP for language detection will automatically switch over. Also, a lot of European sites require certain agreements to set cookies and things like that in order to use them.
So that's what that pop-up was. I know what it is even though I don't speak Romanian or whatever language it's in. So we can switch it back over to English, try again. Now Google may pop up with, yes, that there's a problem with me going to this page. When you are using Tor, because so many people use the same exit nodes, and sometimes for hacking and things like that, you're going to get a lot more CAPTCHAs. You can also just say new Tor circuit for this site and Tor will reshuffle the servers. Well, I didn't type that run... Tor will go ahead and just reshuffle the servers for you, and look, I'm Canadian now. And if we go over here, let's do the IP lookup now. Yep, oh, it thinks I'm in Switzerland. Google thinks I'm in Canada; they think I'm in Switzerland. But you can see by reshuffling, it built a new circuit, and that new circuit now has a new endpoint. So we were in Romania before, now we're in Switzerland, and the circuit's faster. So you just click up there when you want to go back and rebuild that circuit.

Now, one of the strategies the FBI used, which we learned through some of the disclosure of cases, was sending you files that you would download on your computer, because the computer has not been anonymized, only this browser session is. They try to get you to run something that they sent only to you, maybe through an email attachment that you open externally, like a Word document for example, that then goes back and calls to a website, and it knows your real identity.
That's one of the tricks that have been used to help deanonymize people on here. But as you can see, I can surf the web. Google is probably not the best search engine to use, and part of the reason why is Google requires so much data. They frequently block a lot of people who start using this, and we keep getting these dragons with Google, and eventually a CAPTCHA will pop up. You'll find yourself, unless you log into Google, doing lots of CAPTCHAs. And with Google, it's not as easy to sign up for an email address and a sign-in, because they usually want you to verify with some type of phone. That way they can have some better verification of who you are.

But if you want to surf some sites and be able to surf anonymously, maybe create a Twitter account or something, if you want to be... if something is socially unacceptable in your country which you want to get the word out on, Tor's been a frequently used tool for getting that done. You can browse sites such as Reddit, and Reddit does allow you to create logins with anonymity, so you can create accounts and things like that. As long as you keep using them over Tor, your IP address will be hidden. As a matter of fact, you always end up coming... every time you rebuild the circuit, it may run from the same Tor node, it may come from a different Tor node.

Now, my internet here is really fast, but with Tor, the disambiguation means it's probably not the best for watching movies, videos or doing any type of traffic like that, because it's just not super fast.
It's way faster than dial-up, but it's not as fast as my normal 50 meg circuit that I have here. But sometimes you rebuild the circuit and you're fine on that. So that's gonna give you an overview of how it works.

A few other things that are plugins on here: this script forbidding is built in. This is an extra onion router feature that's on here so you can rebuild the circuits. It's built in. There are the security settings themselves inside of the Tor Browser, which provides the most usable experience, but as you start turning off all JavaScript, anything not in there, all HTML5 banned, or you slide it all the way to the top, the problem is so many websites, when you turn this high, just become unusable because they use a lot of those features, such as HTML5, to do that. So that's kind of Tor in a nutshell. I'll show it real quick on Linux here.

Oh, also, I'll drag this over. So even running on this computer, this is the .103 IP address. Look at the network flows again and refresh it. You can see that it's still going to the Windows things, Windows in the background, but you notice the other websites aren't listed in there, because it just has the Tor connections. So there's still not a big visibility into what I was doing, because, well, right here for example, there's Tor, versus here's my computer, 3.9. Still just tons of connections on it just to go to a couple of websites. So you can see how Tor really anonymized this particular IP address of this computer, but certain things the computer's doing are still shown.

Nicely, in Linux there's no real setup. You just run the Tor Browser. It pops up.
We'll just go ahead and hit connect. So you just downloaded it and strapped in, and away you go. Now, it will give you a warning if you put the browser full screen, and that's because it fears that a hidden window, which could be set up to track you, may be popping up behind there. So they don't recommend running the browser in full screen. And it does have DuckDuckGo as the default search engine instead of Google.

It takes a second to establish the Tor network it's connecting to and building the circuits, and just like in the Windows version, here we are. It thinks now I'm in Doop of a... I'm not, you know, I'm not very good with how to pronounce that, but I'm in the Slavic Republic now with this IP address. So like I said, every time you restart it, even on the same computer, every time you start Tor, you get a new IP address, you pop out of a new country. You don't get to choose this. You can keep rebuilding the circuit until you're somewhere you want to be, but generally the Tor exit nodes, it's completely a random system to generate where it does. I think it tries to find some type of more efficient route, but it's still pretty random. You don't really get to pick a lot of that.

Now, the last thing I want to talk about with Tor are the Tor hidden services, and what these are is websites that end in .onion. They live within the Tor network itself. When you visit these sites, you're not exiting Tor. You're watching them from within Tor. So you go into the system, they're hosted somewhere within the Tor network, and it's kind of interesting. They've got things like a Twitter clone. Here's the Tor metrics. Lots of sites like WikiLeaks and some of the major newspapers have used this as a method by which people can dump files and share files with other people through several tools to announce they did this.
This is something that Snowden was doing, was using Tor to keep himself hidden before he, you know, released all the information he released.

Now, there are a lot of terrible sites within here, with drugs, hacking and all kinds of everything else, so it's not a place for the faint of heart. Definitely not the place if you're under 18, or for really anyone who likes human decency. There are some sites that should never be opened inside of Tor. I won't lie, they're there. This is part of the anonymity and part of the trade-off of it. If people can figure out a way to be anonymous, they may do terrible things with it. On the other side, the government knowing who you are while you want to be an activist on Twitter, and the government is after you, such as in some of the Middle Eastern areas, or for example in China, where they're now banning VPNs because the government has come out strong against anyone who speaks out against things that go on in the government, Tor can be a way to anonymize a lot of that data.

But they still do know you're using Tor, so by doing so, and probably by me making this video, I'm on a list somewhere and been made suspicious. But as I understand it, per Snowden, just by using Linux, that put me on the suspicious list, because, well, the NSA likes to make lists of people who aren't doing things as they expect, normal, and sharing all their data with them all the time.

So thanks for watching, and I'm gonna do another video soon, even more detailed on this, of actually running one of the operating systems like Tails to even hide this further. Thanks. If you like the content here, like and subscribe.