How To Use and Set Up Tor
Written by slim-ov-derby (from zoklet)
Now most of you will know about tor, if you don't then I recommend reading this site;
http://www.torproject.org/
The thing is you can't just download it, let it run and expect to be as anonymous as you think. yes Tor selects the best routers of its own, but if you actually check you'll find that alot of them are in the US and Germany. If you have 3, hell even 2 nodes from the same country and range then the traffic is easily correlated; also the exit nodes are not encrypted and the entry node knows your IP, so imagine how easy it would be for them if they were in the same country.
To make sure you don't get a bad circuit you want to edit the torrc file.
Not all nodes are always available so you'll have to keep checking to see which ones are available.
https://torstat.xenobite.eu/
(and the link whilst using Tor:
http://eodys67qpzyvyxm5.onion/torstat/)
Or you can check them in the view network window if you use vidalia.
Also this link lists all of the suspicious nodes that have been blacklisted by Tor as stings, I'll explain what to do with this later.
http://en.linuxreviews.org/Bad_Tor_exit_servers
Now on with choosing the nodes.
The first nodes you choose will be the entry nodes, choose fast ones; if you're using vidalia (which I recommend) then you can see their speeds in the view network window, you can sort them by speed. Choose fast nodes that are in a foreign country (you actually never want to use any node that is in your origin country anywhere in your circuit).
EntryNodes node1,node2,etc
Now you want to specify only the nodes you wrote above will be used or Tor will use other nodes if yours are down.
Do this by adding this line to your file;
StrictEntryNodes 1
Now you'll want to choose your exit nodes. I recommend choosing Russian, Ukrainian or Japanese nodes if you can get any, they are unlikely to be interested in what you're doing. I recommend staying away from Nigerian nodes, as while they won't give a fuck about what you're doing they will be sniffing for passwords and login details. Too choose your nodes add this line;
ExitNodes node3,node4,etc
Like with entry nodes, specify to only use these ones you've chosen.
StrictExitNodes 1
Now we want to add the nodes that we never want to be used in a circuit; these will include nodes from your own country, unnamed nodes and any that are acting suspiciously. There are plenty of Tor forums out there on the entwork that discuss these type of nodes as well, so keep an eye out.
ExcludeNodes node5,node6,etc
Note that the node1,node2 etc should be changed to the actual names of your nodes. I know most of you would know this, but there are some idiots who would just c/p everything from this into their file.
Going back to what I said earlier about the entry and exit nodes being in the same country; make sure they're not.
You can't choose middle nodes, so just be careful and keep any eye ou. The middle node doesn't know who you are or what you're doing though.
Once the file is edited and saved, restart Tor so the changes work. Go and check that your IP is changed (
http://www.ip-adress.com/ip_tracer/).
If it still uses unwanted nodes then delete the router-cache and restart Tor.
C:\Documents and Settings\loginname\Application Data\Tor\
Delete the cached-status, cached-routers and cached-routers.new files.
Always be on the look out to see if your nodes are still up and which ones are available. Like with your proxies, you should change them regularly.
If you're still paranoid and want that great deniabilty factor in your favour (comes in great handy when downloading Certain Pornographic content) then run your own exit node.
http://en.linuxreviews.org/HOWTO_setup_a_Tor-server
Also coming for great deniability is truecrypt, and of course flash drives which can be disposed of or hidden easily. I'll go into them at another time though.
I will also say, like with other proxies, it will be wise to disable javascript and flash, or you could torrify them with the help of proxifier; but I won't go into that, I recommend just disabling them.
Tor is useless if you are logging into something that's linked to you in ayway, shape or form from the same nodes; unless the account was created on Tor itself.
If you want advice on settng up such applications like IRC and instant messengers through Tor then check this out
http://www.hermann-uwe.de/blog/howto...-some-pitfalls
In most cases it's just about redirecting it to go through the port tor uses (9050)
Server: 127.0.0.1
Port: 8118
socks 5 / server: localhost port: 9050
It's pretty simple.
Comments
How safe is it logging into sites? For example, if a Nigerian node can sniff passwords, what is preventing a Russian one, or even a US one?
Nothing, really. Don't be a dumbass and log into your facebook while using tor and you should be fine. Always think before you act.
I've used it on both windows and linux, for windows you just double click on the executable, it extracts it, you click on the first icon in the file and boom Tor is running. Once you exit its compact Tor firefox (it has it's own not the browser you use) Tor shuts down and clears all memory.
For linux you just download the .tar.gz file, use the command "-xvzf filename" Then "cd /location" then when you're in the file "./start-tor-browser"
So for my computer and file it was
"-xvzf tor-browser-gnu-linux-i686-1.0.8-dev-en-US.tar.gz"
"cd tor-browser_en-US"
"./start-tor-browser"
Very straightforward minimal complications.
Just a suggestion.