It’s Complicated and has layers… Like an Onion. Or How I  learned to stop worrying and love the tor.

With the latest outcome of the election and roughly half of the nation waking up to the fact that their “guy” was not going to be in the white house, people have been reminded of a need to keep their private lives a little more private. Of course this is outrageous because no matter who is in the Whitehorse the various security and spy agency of the world are always watching almost everything. One of the “easy” low cost ways of helping to secure your Internet presence is using Tor. Tor allows your Internet traffic to bounce around the Internet from volunteer to volunteer secured all the way before either landing on an exit node or a tor hidden service. In theory this prevents your traffic from being observed and monitored. Tor was originally designed by the US Government to allow spies, freedom fighters, and the oppressed to securely and communicate without fear of oppression. This in theory defends against most attacks up to massive brute force, possible flaws in the program, or if the bad actor has control and is observing a majority of the nodes in the network. (In theory these are possible by various three letter agencies owned by Uncle Sam).

Of cause, the big issue with using anything secure is that to be truly secure, you have to give up all of the nice to haves like Java script, goggle services and cookies. All allow you to be tracked by various parts of the Internet. One of the nice low hanging fruit that can quickly be secured through tor is Facebook. They have a tor service that will ensure that your Facebook traffic will be routed only inside of tor. The other easy way is to enable tor in android. The only additional software needed is orbot. The biggest thing to remember while signed into Facebook is that you just tied your tor persona to a named identity that allows you to be tracked. This is just bad opsec but would allow you to communicate out of oppressive countries elsewhere in the world. The other shortcoming to Facebook over tor on android is that push notifications of events will not work.

Vidalia Onions

Now Andy, what good is Facebook over Tor for you, you may ask. Almost nothing… even while connected via insecure wifi Facebook is already secured via https/tls encryption, and the fact that I am posting on Facebook via android is no secret, Nor am I trying to share state secrets. Plus Facebook is a US owned company, one National Security Letter and Uncle Sam has a copy of all of my actions. Plus to quote one of my friends who works in the field, “you are not that interesting.” I do it to make Facebook better for the people who need to use the service, plus to keep encouraging Facebook to continue improving the service. If no one uses the service, then it is easier to get rid of it. I also use it to help provide some additional cover to those who need it. If the TLA groups are bruteforcing the traffic, this adds yet another set of packets that they have to work on. Finally, it is so easy to do for androids. All you need to do is install orbot and click the “enable tor” option in facebook’s setting menu.

In the end, it may be just whistling in the dark, but at least it is something. Plus it ups my geek cred just a little bit. The only downside that I have found is that tor burns the battery far faster than the regular network.

2 thoughts on “It’s Complicated and has layers… Like an Onion. Or How I  learned to stop worrying and love the tor.”

Leave a Reply

Your email address will not be published. Required fields are marked *