Resources for the global digital safety training community.
Credits
Last Updated 2016-05In this Deepening session, participants will learn how to use the Tor Browser Bundle for anonymity and circumvention, to conduct safer browsing actions while accessing sensitive or blocked content online. Participants will use the Tor Browser Bundle to create an anonymous connection, confirm that it is working, and change their Tor exit relay.
The Tor Browser Bundle is quite large, so it’s a good idea to prepare this ahead of time, especially if you have a slow Internet connection in the training room.
In a browser, visit either What Is My IP? or What Is My IP Address, which includes a map to show perceived location.
Demonstrating for the group, close all web browsers and launch the Tor Browser Bundle, either by running “Start Tor Browser.exe” or clicking on a desktop/toolbar icon, and then clicking “Connect”.
Wait until a Tor connection is established and a new browser window has opened - note that this could take several minutes. Tor Browser should load a page that says: “Congratulations. This browser is configured to use Tor.” If for some reason your Tor connection fails, it will say: “Something Went Wrong! Tor is not working in this browser.”
Using the Tor Browser window, again visit either What Is My IP? or What Is My IP Address and show how the IP Address detected has now changed, and if using What Is My IP Address, point out the changed geographic location on the map.
Explain that Tor could conceivably select an Exit Relay in the same country as the user. Define for participants that an Exit Relay is the Tor server from which one’s outgoing traffic leaves the Tor network, and through which one’s incoming traffic enters it. This is not good for anonymity - it is also one reason why a Tor Browser user might want to select a new exit relay. This can be done by clicking on the green onion icon to the left of the browser’s address field and clicking “New Identity”.
Request a new identity, then refresh the webpage for What Is My IP? or What Is My IP Address. Note that the IP address should have now changed, and highlight this to participants.
Once participants have in turn downloaded and installed the Tor Browser bundle (either before the workshop, or during time allotted during this session) ask them to repeat this exercise themselves on their own devices, until they demonstrate that they can use the Tor Browser Bundle successfully. Then, explain the following:
Here, you might want to use this visualizationfrom Electronic Frontier Foundation on Tor and HTTPS traffic.
In order to take advantage of Tor’s anonymity and circumvention properties, you must launch the Tor Browser Bundle and use the browser client that comes packaged with it - this is special version of Firefox that is specifically configured to relay traffic via the Tor Network.
As with all security software, it is important that you use the latest version of the Tor Browser Bundle. When Tor Browser opens, the page it displays will tell you if a newer version is available; however, it will not update itself automatically. Any updates will will have to be done manually by the user - see the Safer Software Updating module here on LevelUp for supporting training material on this topic.