Tor: Anonymous Communications for the Dept. of Defense... and You - Jacob Appelbaum

Notes from Jacob Appelbaum's excellent Tor: Anonymous Communications for the Dept. of Defense... and You. This talk was enthusiastic and geeky but in a friendly, inviting "change the world" way. Time for Vancouverites to run their own Tor servers!

Lots of security nuances that I will not attempt to summarize.

  • single relay is a single point of failure
  • make it so that no single server has all the info
  • torify == make a program route its traffic through Tor, e.g. Torbutton for Firefox
  • you can be identified by things like your browser size
  • vidalia - control panel
  • Tor Browser Bundle - Windows only, porting to Mac & Linux
  • bootstrap: get Tor via email, e.g. Gmail over SSL
  • email to get access to bridges
  • moving to a world where the internet is a series of 'small broken internets'
  • torweather - cheap and cheerful Nagios-like utility for monitoring Tor servers
  • looking for Canadians and others to run Tor servers
  • 59 Tor servers in Canada, only 5 in Vancouver "proper". Why? Because servers are expensive? Because Canadians use USA-based servers?
  • To run a Tor server:
      • you need a computer
      • one port reachable from the internet
      • 20KB of bandwidth
  • Performance: Check out their white paper: Why Tor is slow and what we are going to do about it!
  • Who uses Tor:
      • bloggers and journalists
      • UN Aid workers
      • Police, Military
  • Mobile clients:
      • Android to be first class client, working on Android IP anonymity, iPhone is not because you have to jailbreak
  • It's 2009 but there is no SSL everywhere. Why? This leaks information which could compromise you, e.g. Facebook
  • Q: how long to write your own Tor client? A: 1 week because the protocol is simple and documented like an RFC
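
The "torify" note above comes down to pointing a program at the local Tor client's SOCKS proxy. The following is an added example, not code from the talk or from the Tor project, showing that SOCKS5 handshake in Python; it assumes a Tor client listening on 127.0.0.1:9050, and the function names are hypothetical. It sends the hostname instead of a locally resolved IP address, so the name lookup also travels through Tor.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # assumption: local Tor client, default SOCKS port

def socks5_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT with ATYP=0x03 (domain name): the proxy resolves the name."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def check_reply(head: bytes) -> None:
    """Raise unless the reply starts with VER=5, REP=0 (succeeded)."""
    if len(head) < 2 or head[0] != 5:
        raise ConnectionError("not a SOCKS5 reply")
    if head[1] != 0:
        raise ConnectionError(f"proxy refused the connection, code {head[1]}")

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def torify_connect(host: str, port: int, proxy=TOR_SOCKS, timeout: float = 30.0):
    """Return a socket whose traffic to host:port is carried by the SOCKS proxy."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(b"\x05\x01\x00")  # VER=5, 1 method offered, no-auth
        if _recv_exact(sock, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept no-auth SOCKS5")
        sock.sendall(socks5_connect_request(host, port))
        head = _recv_exact(sock, 4)  # VER, REP, RSV, ATYP
        check_reply(head)
        addr_len = {1: 4, 4: 16}.get(head[3])  # IPv4 / IPv6 bound address
        if head[3] == 3:  # domain name: one length byte, then the name
            addr_len = _recv_exact(sock, 1)[0]
        if addr_len is None:
            raise ConnectionError("unknown address type in reply")
        _recv_exact(sock, addr_len + 2)  # discard bound address and port
        return sock
    except Exception:
        sock.close()
        raise
```
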