Download Slides Here.
Tails and Tor
The Tor project creates some of the best privacy tools that are available today. Althought Tor isn't a one shot privacy solution, it is an extremely powerful tool for enhancing privacy and anonymity online. The TAILS operating system is a complete operating system that forces all internet traffic through the Tor network. Using these tools allow people to take back control of their privacy online. However, like all tools, they can not help if they aren't used properly. Thus, it is important to have a good understanding of how these tools work in order to use them properly.
Threat modeling simply means figuring out what threats you are likely to encounter and then coming up with plans to mitigate the most likely and most harmful attacks. Everyone should have an idea of how they are vulnerable. To begin, look at all your devices that are connected to the internet. They are all potential areas of attack (attack surfaces). If you consider what kind of information each device has and what it would mean if it was compromised, you will start to develop a personal threat model. Now do the same thing for all of your online services.
We will look at an email account as an example. We want to ask three questions for every service.
How vulnerable is it?
- Do you have a good password?
- Is that password used in other places (will the compromise of a different service compromise this account)?
- Do you use Two Factor Authentication?
- Are the answers to your secret question easy to guess, or find out from online sources?
- Would someone who knows you well be able to answer them?
How likely is it to be attacked?
- Is your email address publically available?
- Do you use this email address to register for other online services?
- How often are email addresses compromiseed (hint: all the time)
What are the consequences of it being compromised?
- Do other services allow password resets using this email address (can the compromise of this email address then compromise other services)?
- What personal information has been sent through your email? Tax returns? Bank statements? Medical information? client information? What would an attacker get access to if they break into your account?
- Who else might be compromised using this account? Could an attacker use this account to send phishing emails to friends? Relatives? Elderly grandparents?
- What would not having access to this email account mean to you personally?
- What would not having access to this email account mean to you professionally?
Once you have considered these questions you can start to make plans on how to reduce your attack profile and mitigate the harm if it is compromised.
For example, to reduce your attack profile you could:
- Use a strong, unique password for this email account
- Use two factor authentication
- Setup alerts for new logins
- Use account aliases to sign up for services. Use throwaway accounts to sign up for things your don't want to recieve emails from.
- Use non-obvious answers to secret questions (eg. What city were you born in? Purple).
And to reduce the severity of a compromise:
- Use encrypted email whenever possible (then a compromise won't compromise the information contained in emails)
- Don't store important information in your email
- Back up important contacts/information
This won't make this account invulnerable to attack, but it will make it significantly harder to attack, and will diminish the damage done if it is. Remember, security is a scale, not a binary. It isn't that a service is secure or not secure. It is that aservice is more secure or less secure. Your goal is to make everything more secure. Using tools like Tor and TAILS help to make things much more secure.
Segregation of Identity
One way that you can reduce the impact of an account getting compromised is to practice Identity Segregation. This means that you seperate your accounts/activities into various identities and do not allow cross contamination between them.
For example, you may have an identity you only use for financial transactions. For this you might have a special email address with a very strong password. You would not use this email account for anything else, and would never post it online. You might choose to download, and then delete all emails to this account so that any compromise would not compromise any of your financial data. Perhaps you decide that to provide the greatest protection, you only want to access your banking information on a particular computer and do nothing else on that computer. Perhaps, that is too far but you still want security so you decide to only use Chrome for banking, and Firefox for general web browsing. Or possibly simply have different identities within Chrome. Modern browsers allow you to maintain and sign into different identities with different shortcuts, browsing histories, etc.
Each of these choices affords different levels of security. It is up to you to decide which is appropriate based on your threat model, tolerance for inconvenience, and comfort with risk. Someone very risk averse may tolerate more inconvenience for more security. Someone with no concern for their data might dispense with good security practices for the sake of convenience. Most of us will fall somewhere in the middle. Tails and Tor help with Segregation of Identity by breaking the link between different activities and making it very difficult to track you across multiple websites on the Internet.
What is Tor?
Tor is a protocol that wraps you web traffic in three layers of encryption and bounces it through three randomly chosen servers (called relays or nodes) around the world. This prevents the website on the other end of the connection from knowing who you are or where you are connecting from. The following video provides a nice overview of the Tor network.
The main way to use the Tor network is buy downloading the Tor Browser Bundle (you can get it from https://www.torproject.org/download/download). This modified version of Firefox will work on all operating systems.
What does it do?
- The Tor Browser Bundle will route all of its traffic through the Tor network. This ensures anonymity and privacy while browsing by preventing websites from knowing your ip address.
- It will establish a new circuit through three randomly selected Tor nodes for every new website you connect to. This will prevent tracking across multiple websites.
- The Tor Browser bundle includes the HTTPS Everywhere and NoScript add-ons. These ensure you are using end to end encryption if it is available and prevent certain attacks and tracking methods from being used against you.
- Using the Tor Browser Bundle makes you look like everyone else using an unmodified version of the Tor Browser Bundle. This prevents fingerprinting attacks where websites can figure out who you are by the unique configuration of your browser even if you aren't logged in to the website. (To find out more about browser fingerprinting, visit https://panopticlick.eff.org).
What does it not do?
- Tor does not provide end to end encryption. Once traffic has left the exit node (the last link in the chain) it is outside of the Tor network and Tor cannot encrypt it anymore. This is why it is important to use https in addition to Tor.
- Tor does not prevent you from revealing information about yourself. If you log in to a website, that website will then know who you are. Tor helps to prevent your privacy from being compromised without your knowledge or consent, but can do nothing if you voluntarily give out your information.
- The Tor Browser Bundle does not force all traffic through the Tor network. Other applications on your computer can still connect outside of the Tor network. The Tor Browser Bundle can only route its own traffic through the Tor network.
What should you avoid doing while using Tor?
- Torrenting - torrent clients are well known for making direct connections outside of Tor. This breaks any anonymity you might think you have and reveals your real IP Address.
- Adding plugins or Add-Ons to the Tor Browser - plugins such as flash and quicktime can be exploited to break Tor's anonymity. Other add-ons are not tested by the Tor project and could break your anonymity as well. Additionally installing add-ons makes your Tor Browser unique which eliminates the fingerprinting defense mentioned earlier.
- Open downloaded files while online - It is possible that anything you download could contain malicious software that could break your anonymity. If you must open downloads, do so offline. An even safer solution is to use a virtual machine with networking turned off. To find out more about virtual machines go to https://www.virtualbox.org/.
The Amnesic Incognito Live System (TAILS)
One of the problems with using the Tor Browser Bundle is that it can only secure the web browser. The rest of your operating system is as vulnerable as any other and other programs can make their own connections to the internet without using the Tor network. One very good way to address these shortcomings is to use a completely different operating system that has been designed from the ground up for privacy and anonymity.
Amnesic - It leaves no trace on your computer so everything is forgotten when you quit
Incognito - It is forces all network communications through the Tor network providing strong anonymity protections
Live - It is designed to run off of a "live" usb drive. This means that the operating system doesn't touch your normal hard drive.
TAILS is great because:
- It uses state of the art encryption for files, emails, and instant messaging
- It leaves no trace on the computer it is used on.
- It gives strong privacy protection by forcing all traffic through the Tor Network
- It is a mobile operating system that can be carried on a keychain and used anywhere
You can download TAILS from https://tails.boum.org/.