
Tips On How To Increase Tor Anonymity And Security

August 19, 2017

This article will describe in detail how to increase Tor anonymity and security by providing useful tips.

Tor is designed not to leak your identity. Usually, it is the users who don’t use Tor properly who are responsible for the leak. The mistakes Tor users typically make range from disclosing information related to the user to leaking the real IP address:

  • Installing Tor Browser add-ons.
  • Installing and using plugins like Adobe Flash.
  • Not keeping the Tor Browser updated, and being unaware of the browser vulnerabilities patched in the latest version. A browser vulnerability can disclose a Tor user’s real IP address.
  • Using Javascript. Javascript code may be executed in the user’s web browser without the user’s consent or knowledge.
  • Allowing DNS leaks. A Tor Browser that is not configured properly may end up sending DNS queries directly rather than via Tor/VPN. As a result, every bit of anonymity is gone.
  • Modifying Proxy Settings.
  • Watching videos, which can cause a video player in the web browser to leak the user’s information.

Some Common Methods That Could Be Used To Find Out Who The Tor User Is:

  • Fingerprinting
  • All Tor Nodes That Connect The Tor User And A Server Are Owned By The Same Individual
  • Malware Distributed Via Drive-by Infection
  • Exploitation Of Flash Or Java To Forcibly Make The User Open A Connection With A Server Outside The Tor Network
  • Tor User Reveals Enough Information About Themselves Outside The Tor Network

Cookie Fingerprinting

Fingerprinting can be achieved in numerous ways. Session cookies are the most likely cause. Other causes include Flash (aka “super cookies”) and a known Javascript vulnerability that permits a file to be both persistent for the Tor user and traceable.

At the most fundamental level, fingerprinting via cookies works by handing the Tor user a unique ID/session key, which is transmitted back to the web server every time the visitor (Tor user) goes to the website. This tells the web server when the user accessed a page (the timestamp) and which particular pages the user accessed. The unique ID/session key can potentially expose your identity by matching the times you used Tor to access the site with the times you were independently transmitting data through the Tor network. To prevent this from happening, Tor flushes all cookies from the web browser when it’s closed.

For example, if a site correlates a Tor user’s visits over a whole year, it knows that it is dealing with the same Tor user. This occurs if the site is capable of generating a unique browser fingerprint that recognizes every Tor browser user that visits the web page.
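The linking described above can be seen in a few lines of server-side log analysis. This is an added example, not code from the original article; the log format, session IDs and addresses are constructed, and `flush_on_close` is a simplified model that treats each day and exit address as one browser session.

```python
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines (not real traffic): time, client IP, cookie, path.
# The IPs are documentation addresses standing in for different Tor exit nodes.
SAMPLE_LOG = """\
2017-08-01T09:00:12 192.0.2.10 sid=a1f3 /forum
2017-08-01T09:04:40 192.0.2.10 sid=a1f3 /forum/thread/7
2017-08-03T21:15:02 198.51.100.7 sid=a1f3 /forum/thread/9
2017-08-05T08:30:55 203.0.113.44 sid=a1f3 /account
2017-08-04T13:02:30 198.51.100.99 sid=77b0 /forum
"""

def link_visits(log_text):
    """Group requests by session ID, as the site that set the cookie can."""
    profiles = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, ip, cookie, path = line.split()
        sid = cookie.split("=", 1)[1]
        profiles[sid].append((datetime.fromisoformat(ts), ip, path))
    return profiles

def summarize(profiles):
    """Per session ID: request count, distinct exit IPs, days covered."""
    out = {}
    for sid, visits in profiles.items():
        times = [v[0] for v in visits]
        out[sid] = {
            "requests": len(visits),
            "exit_ips": len({v[1] for v in visits}),
            "span_days": (max(times) - min(times)).days,
        }
    return out

def flush_on_close(log_text):
    """Simplified model of cookies being flushed: a fresh ID per session."""
    lines = []
    for line in log_text.strip().splitlines():
        ts, ip, _, path = line.split()
        lines.append(f"{ts} {ip} sid=new-{ts[:10]}-{ip} {path}")
    return "\n".join(lines)

if __name__ == "__main__":
    print("persistent cookie:", summarize(link_visits(SAMPLE_LOG)))
    print("flushed on close: ", summarize(link_visits(flush_on_close(SAMPLE_LOG))))
```

With the persistent ID, one profile spans three exit addresses and several days; once the ID changes per session, no profile covers more than one address or one day.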

How To Avoid Fingerprinting When Using Tor Browser

The only technique to avoid fingerprinting via Tor Browser is becoming less unique. Do NOT randomly spoof your Tor Browser’s user agent. Spoofing your browser’s user agent will make you stand out more to sites and have a more prevalent presence in web server logs, ultimately driving more attention and increased scrutiny.

The most effective method to make your web browser’s fingerprint hold less uniqueness is to use the Tor Browser Bundle, TAILS, or Whonix. All Tor users that utilize the latest version of the Tor Browser will possess the same fingerprint. While you are standing out as a Tor user, you’ll merely look like virtually any other user deploying Tor.

One of the main purposes of using Tor is to increase anonymity, and you achieve that precisely by becoming one of the generic million simultaneous Tor users. If you become the person behind a particular Tor IP who changes their user agent string every couple of minutes, you’ll just attract more scrutiny, and that anomaly alone is enough to make you stand out if it is noticed.

Another technique to avoid fingerprinting and time correlation is to refrain from deliberately linking your current and past Tor sessions to your web browsing, which makes them reasonably difficult to trace back. Linking them is one of the common mistakes users of Tor make when merely connecting for a single session, and it makes time correlation attacks rather straightforward if you’re already being observed.

Maintaining Uniformity Of Tor Browser Fingerprints

It’s important to note that many Tor browser users may have unwittingly increased their Tor browser fingerprints. This occurs if there are any modifications to preference settings in the Tor browser. Any add-ons/plugins installed in the Tor browser could mean that the Tor browser fingerprint is enormous.

The most appropriate fingerprint ratio to assist in maintaining anonymity and aid in thwarting tracking is 1:1. If a user’s web browser fingerprint ratio is 1:1, then it is indistinguishable from the fingerprint of all other browsers out there. Obtaining a 1:1 ratio is unattainable when there are millions of browsers.

If your Tor browser fingerprint is too large and holds a ratio of approximately 1:150, 1:300, or higher, you ought to immediately bring the fingerprint’s size as close as possible to the initial default size by restoring every default preference. If you can do that, then your Tor browser fingerprint can be decreased by 50% or probably more. The goal is to get the Tor browser fingerprint to around 1:60. If you can get a better ratio, then that’s fantastic. It only takes a short amount of time to bring back the default settings.
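To make the 1:N ratio concrete, the following added example (not part of the original article) computes it over a constructed population of browsers, reading 1:N as "one in N browsers shares this fingerprint". The attribute names and counts are assumptions chosen for illustration; it also covers the earlier point that a randomly spoofed user agent makes a browser unique.

```python
import math
from collections import Counter

# Constructed visitor population (not measured data). Each browser is reduced to
# a tuple of observable attributes: (user agent, window size, add-ons detected).
DEFAULT = ("tor-browser-ua", "default-window", "no-addons")
ADDON = ("tor-browser-ua", "default-window", "extra-addon")
RESIZED = ("tor-browser-ua", "maximized-window", "no-addons")

def build_population():
    pop = [DEFAULT] * 600      # unmodified Tor Browser
    pop += [ADDON] * 8         # users who installed the same add-on
    pop += [RESIZED] * 4       # users who changed a visible preference
    # users who each spoof a different random user agent
    pop += [("spoofed-ua-%d" % i, "default-window", "no-addons") for i in range(3)]
    return pop

def ratio(fingerprint, population):
    """Return N in the '1:N' ratio: one in N browsers shares this fingerprint."""
    same = Counter(population)[fingerprint]
    if same == 0:
        raise ValueError("fingerprint not present in population")
    return len(population) / same

def bits(fingerprint, population):
    """Identifying information carried by the fingerprint, in bits."""
    return math.log2(ratio(fingerprint, population))

def reset_to_default(fingerprint, population):
    """Ratio for one user after restoring defaults: they rejoin the DEFAULT crowd."""
    pop = list(population)
    pop[pop.index(fingerprint)] = DEFAULT
    return ratio(DEFAULT, pop)

if __name__ == "__main__":
    pop = build_population()
    for fp in sorted(set(pop), key=lambda f: ratio(f, pop)):
        print("1:%-8.1f %5.2f bits  %s" % (ratio(fp, pop), bits(fp, pop), fp))
    print("after reset: 1:%.3f" % reset_to_default(ADDON, pop))
```

In this population the unmodified browser sits near 1:1, the add-on user at about 1:77, the resized window at about 1:154, and each spoofed user agent at 1:615, which is fully unique.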

Apply the following steps to ensure that everything goes smoothly during your transition back to default settings:

Create A Backup Of Your Tor Browser Profile Folder

  • Go to about:support in Tor Browser. Click “Show in Finder”. Your Tor profile folder probably has a name like b20erck1.default. Copy that folder and save it anywhere you’d like.

Make Sure To Backup All Of Your Bookmarks

  • Open Tor Browser > Bookmarks > Show All Bookmarks > Library > Import and Backup Your Bookmarks. Click “Backup” so you can save a .json file which will have your bookmarks in a single .html file. When you decide to import the bookmarks later from that .html file, it will add the bookmarks to any present bookmarks. When you recover the bookmarks from the .json file, however, they will overwrite any present bookmarks.

Recover All Default Preferences In Your Tor Browser, including your NoScript and HTTPS-Everywhere

  • Go to Tor Browser > about:support > click “Refresh Tor Browser”. Refreshing your Tor Browser permanently removes every Tor browser bookmark, password, cookie, and other data.
  • Refreshing Tor Browser automatically saves a folder called “Old Firefox Data” in the download folder. It holds a copy of your Tor browser profile folder as it was before you clicked Refresh Tor Browser.
  • The Old Firefox Data folder holds a “bookmarkbackups” folder containing one or more .json files. The file with the latest date is the most current backup of your bookmarks.

Restart Tor Browser

  • Check For Latest Tor Browser Updates.
  • Go to Tor Browser > about:addons > Extensions. Check to see if there are any “Restart to Update add-ons” alerts.

Recover/Import All Bookmarks

  • Go to Tor Browser > Bookmarks > Show All Bookmarks > Library > Import and backup your bookmarks. Click “Restore” or “Import Bookmarks from HTML”.

When you are done recovering the default preferences in your Tor browser, consider taking the PANOPTICLICK test to check if your fingerprint has diminished significantly.

Traffic Analysis Via Tor Nodes Operated By The Same Individual

Traffic analysis becomes a real danger to a Tor user’s anonymity when all of the Tor nodes that connect the Tor user and a server are owned by the same individual. In that case, the user’s real IP address and the pages accessed can easily be revealed. Tor has implemented methods to prevent this by increasing the number of nodes that are examined.

Malware Distributed Via Drive-by Infection. Executing Malicious Code On Target’s Computer Via Exploits In Tor User’s Java Or Flash

The simple solution is, of course, to never use Java in the web browser. An adversary can run a Remote Administration Tool, granting the adversary administrator privileges that permit the highest levels of espionage.

Exploiting Flash Or Java To Forcibly Make The User Open A Connection With A Server Outside The Tor Network

This gives the server located outside the Tor network the user’s real IP address. Generally, enabling JavaScript opens up an attack surface for numerous possible attacks against any modern web browser. If the adversary is extremely wealthy, they likely have access to 0-day exploits. If the attack vectors for the 0-days are not enabled, then it would presumably be more difficult to launch an exploit.

A Tor user should always disable Javascript in their Tor browser and keep NoScript enabled for every site they visit.

How To Avoid Exploitation Of Flash And Java

Use Tails or Whonix to prevent possible exploitation of Flash and Java by routing all outgoing traffic through the Tor network.

Stop Using HTTP, Use HTTPS

Always keep in mind that there are three phases between your Tor Browser and the web server you are connecting to.

Tor Entry-Node > Tor-Relay Node > Tor Exit-Node

  • Tor Entry-Node (Recognizes your address and relay nodes’ address)
  • Tor Relay Node (Recognizes Tor entry-node and exit-node’s address)
  • Tor Exit-Node (Recognizes Tor relay-node’s address and web server)

The packets you transmit cross this chain, and the answer crosses the same chain in reverse. By using the HTTPS protocol, you are adding a layer of “privacy” per se, where no Tor server will ever see the content of the packets that are sent and accepted. The Tor servers add their own encryption on top of your connection even though it is already encrypted using SSL.

The only Tor node that knows the source address of the Internet Protocol packet is the entry node, which collects this information and holds it in memory. Whether it would or should store the information permanently is a question of concern.

Tor Nodes will thus use their own address instead of the source address.

Tor Users Revealing Enough Information About Themselves Outside The Tor Network

Following all the tips discussed in this article will not help if the Tor user reveals enough information about themselves outside the Tor network that helps identify them.
