Sunday, February 19, 2012

Online Anonymity with Tor

I doubt many people in the general public have inspected their browser request headers recently. An edited version of a request from my own browser is below:
HTTP_HOST: ...
HTTP_CONNECTION: ...
[snip]

SERVER_SOFTWARE: ...
SERVER_NAME: ...
SERVER_ADDR: ...
SERVER_PORT: ...
REMOTE_HOST: redacted.cable.rogers.com
REMOTE_ADDR: ...
REMOTE_PORT: ...
SERVER_PROTOCOL: ...
REQUEST_METHOD: ...
REQUEST_URI: ...
REQUEST_TIME: ...
See the line "redacted.cable.rogers.net" in the list? The redacted portion is a unique identifier that would allow a remote site to ask Roger's which subscriber initiated a certain request. Depending on which ISP you have it is quite likely that you provide identifying information to every single page you request.

However, doing the same with the Tor Browser Bundle installed and active yields the following:
HTTP_HOST: ...
HTTP_CONNECTION: ...
[snip]

SERVER_SOFTWARE: ...
SERVER_NAME: ...
SERVER_ADDR: ...
SERVER_PORT: ...
REMOTE_HOST: torland1-this.is.a.tor.exit.server.torland.me
REMOTE_ADDR: ...
REMOTE_PORT: ...
SERVER_PROTOCOL: ...
REQUEST_METHOD: ...
REQUEST_URI: ...
REQUEST_TIME: ...
For all the details you'll have to read the Tor site on your own. Here is the the download page for the Tor Browser Bundle.

Why am I telling you this? Because, as a recent post highlighted, I'm soliciting leaks from the Harper government. I want you to know that if I do receive something I should be able to keep my identity very hard to trace by using Tor at a variety of public WiFi sites.

Similarly, if our recent Vikileaks30 account had of been using Tor the IP address returned would not have identified the user as coming from the House of Commons.

No comments:

Post a Comment