Posted by Kalyani M. on Oct 25, 2013
Tor (The Onion Router) is an open source application that protects the privacy of Internet users from the prying eyes of surveillance programs and other tracking software. Tor conceals users’ identities and their network activity by separating identification information from routing information. Data is transmitted through multiple computers via network relays run by volunteers around the globe. The routers apply encryption in multiple layers during transmission to maintain privacy between the relays, thereby giving users anonymity of network location. There are many benefits to using Tor: it protects your privacy from potential identity thieves and marketers, hides any sensitive information you are researching, and conceals your location from anyone conducting surveillance.
The Tor program came into prominence because of the recent revelations about the NSA’s PRISM program. As we know, the NSA has been successful in cracking the majority of the encryption technologies on the Internet; the question now is how NSA surveillance impacts Tor. So far the NSA has been successful in invading the privacy of Tor users by exploiting vulnerabilities in the Tor Browser Bundle, a collection of programs designed to make it easy for people to install and use the software. It attacks Tor users by implanting malicious code on the computer of a Tor user who visits a particular website. The malicious code exploits vulnerabilities in the version of Firefox that’s in the Tor Browser Bundle.
Tor is a high-priority target for the NSA, which is working on ways to defeat the security of this tool. According to security researcher Bruce Schneier, these are the steps by which the NSA exploits vulnerabilities in Tor users’ networks or computers:
If there is one thing that can be concluded from all these efforts by the NSA, it’s that it is difficult to compromise the core security of Tor. In order to invade Tor users’ privacy, the NSA has to look for loopholes in the browser. The technique used by the NSA to target Tor users with vulnerable software on their computers was called EgotisticalGiraffe. Here the attack was conducted by exploiting vulnerabilities in the version of Firefox that’s in the Tor Browser Bundle. “According to the documents provided by Edward Snowden, the particular vulnerabilities used in this type of attack were inadvertently fixed by Mozilla Corporation in Firefox 17, released in November 2012 – a fix the NSA had not circumvented by January 2013 when the documents were written.” So, users who have not updated their software might become victims of such attacks.
Again, the NSA can target individuals with browser exploits, but if it attacks too many users it will become noticeable. So it has to be selective about which Tor users it wants to spy on, rather than tracking everyone. Tor hidden services are arbitrary communications endpoints that are resistant to both metadata analysis and surveillance. It is not possible to go to a single party and obtain the full metadata, communications frequency, or contents. One top-secret presentation, titled ‘Tor Stinks’, states: “We will never be able to de-anonymize all Tor users all the time.” It continues: “With manual analysis we can de-anonymize a very small fraction of Tor users,” and says the agency has had “no success de-anonymizing a user in response” to a specific request.
Tor conceals your identity from your recipient, and conceals your recipient and your content from observers on your end. It does not protect your communication content once it leaves the Tor network. Tor therefore recommends that its users combine Tor with other tools for better security. For example, you can use HTTPS Everywhere in the Tor Browser to secure your online communications. You can also use a combination of tools like TorBirdy and Enigmail, OTR, and Diaspora along with Tor to protect your communications content in cases where the communications infrastructure (Google/Facebook) is compromised.
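The layered encryption described above, and the limit just stated (content is exposed once it leaves the Tor network), shown as an added example that is not from the original post or the Tor Project. It is a simplified model using a toy hash-based cipher, not Tor’s real cell format or key negotiation; the names `alice`, `entry`, `middle`, `exit`, `example.org` and all function names are constructed for illustration.

```python
import hashlib, hmac, json, os

def _xor_stream(key, nonce, data):
    # Toy stream cipher (SHA-256 in counter mode); a stand-in, not Tor's cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(b"enc" + key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    # One encryption layer: nonce || HMAC tag || ciphertext.
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer not encrypted for this relay")
    return _xor_stream(key, nonce, ct)

def build_onion(path, destination, payload):
    # path is [(relay_name, relay_key), ...] from entry to exit (constructed names).
    next_hops = [name for name, _ in path[1:]] + [destination]
    blob = payload
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        blob = seal(key, json.dumps({"next": nxt, "data": blob.hex()}).encode())
    return blob

def peel(key, blob):
    # What one relay does: remove its own layer and learn only the next hop.
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def route(client, path, destination, payload):
    # Walk the onion through the path and record what each relay can observe.
    blob, sender, seen = build_onion(path, destination, payload), client, []
    for name, key in path:
        nxt, blob = peel(key, blob)
        seen.append({"relay": name, "from": sender, "to": nxt,
                     "sees_payload": payload in blob})
        sender = name
    return seen, blob

if __name__ == "__main__":
    path = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]
    seen, delivered = route("alice", path, "example.org", b"GET /research-topic")
    for view in seen:
        print(view)
```

Only the entry relay sees the client and only the exit relay sees the destination, but the exit relay also sees the payload itself unless it is protected end to end, for example by HTTPS.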
Secure cloud storage service that protects your data from surveillance
Similar to Tor, SpiderOak is a secure cloud storage service that protects its user data from government surveillance. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.
SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. You can sign up for this product now.