1. Andrew Lewman The Tor Project
Online Anonymity
Andrew Lewman
The Tor Project
I AM ANDREW FROM THE TOR PROJECT
BUSINESS MANAGER FOR THE PROJECT
GENERAL HELPER
PACKAGE BUILDER
WINDOWS,
OSX
SOME LINUX
feel free to ask questions as I talk, I'd rather an interactive discussion than all of you fighting to stay awake right after lunch

2. What is Tor? online anonymity software and network
open source, freely available
active research environment
OPEN SOURCE, FREELY AVAILABLE SOFTWARE
3-CLAUSE BSD
THE SAME SOFTWARE IS BOTH CLIENT AND SERVER
NETWORK IS RUN BY VOLUNTEERS
I'LL TELL YOU WHY THIS MATTERS
ACTIVE RESEARCH ON TOR MEANS STRONGER TOR, “THAT WHICH DOESN'T KILL YOU MAKES YOU STRONGER”
derived from the “onion router” software developed by the naval research labs in the late 1990s, Tor is known as 2nd generation onion routing

3. 2000 Nodes AS OF LATE JULY 2008, WE HAVE ROUGHLY 2000 ACTIVE NODES
THIS GRAPH SHOWS GROWTH FROM SEPTEMBER 2005 THROUGH AUGUST 2007
WE STOPPED COUNTING BECAUSE THE VOLUME OF META-DATA ABOUT THE NODES GREW TO OVER 17GB A MONTH

4. 250,000
ROUGH APPROXIMATIONS SHOW 250,000 TOR USERS EARLIER THIS YEAR

5. The Tor Project, Inc.
501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity
formerly a part of the Freehaven Project, spun off by Roger Dingledine into The Tor Project in December of 2006
Why a non-profit corp you may ask? It gives us access to a wider variety of funders and donors than as a collection of individuals

6. WHERE DOES TOR GET IT'S MONEY?
AS OF JULY 2008, 3 CONTRACTORS, 3 EMPLOYEES, MANY VOLUNTEERS
WHY GOVERNMENTS?
LAW ENFORCEMENT
MILITARY
HUMANITARIAN MISSION
AN EXAMPLE IS THE US BBG/IBB VOICE OF XXX

7. Who uses Tor? Normal people Law Enforcement Human Rights Activists
Business Execs
Militaries
Abuse Victims
anonymity loves company, much like the general internet, the strength of tor comes from it's diverse userbase. if any one group was the majority userbase, tor would be known as “the network for that X group”
many people tell us off the record that they use tor, these people are both local and federal law enforcement officers, lawyers, soldiers, human rights activists, high profile business execs, and of course, plenty of normal people use tor too
many cancer survivors and victims of child, sexual, and domestic abuse use tor; this runs into interesting morality issues when people try to ban child/sexual/domestic porn based on filtering keywords or images

8. How Tor works Bob Alice R1 R3 Bob2 R5 R4 R2
Alice wants to talk to Bob,
alice's tor client picks the circuit from available nodes,
alice then extends a circuit through 3 nodes,
alice's tor client uses hashing and encryption to be sure it's talking to the 3 nodes it chose,
alice's tor client then sends the data to bob
the data is unencrypted at the 3rd node, called an exit node
someone watching alice's connection doesn't know what data is passing over it, only knows alice is talking to the first node
if people understand this, perhaps cover hidden services on R4, for example R5 R4 R2

9. Available Packages Tor Browser Bundle Vidalia Bundles
Torbutton for Firefox
the easiest way to get and use tor is the tor browser bundle, it's a self-contained set of programs that can be put on a usb key, compact flash, anywhere with 50 mb of space; however it's only for windows at this time.
the vidalia bundles are the next easiest to use. they come pre-configured for tor, vidalia, and a proxy server. if you have firefox, the bundle installs torbutton which easily enables tor for web-browsing
we also offer expert packages that you can configure yourself

10. Operating Systems and Applications leak your info
Tor doesn't magically encrypt the Internet
Browser Plugins, Cookies, Extensions, Shockwave/Flash, Java, Quicktime, and PDF all conspire against you
remember, tor is designed to hide your location, and protect local snoops from finding what you're doing over tor
users however, leak data all over the place, it's not much good to use tor if you're going to give away your address, phone numbers, and addresses. you can, it's up to you
applications and your operating system aren't designed for privacy nor anonymity; they too will try to give up your location and personal details without trying
browser plugins also leak data, and in most cases, completely run in their own virtual machine, bypassing your browser settings, this is why torbutton disables them by default

11. Alternatives Commercial*: JanusVM Anonymizer.com IronKey Xerobank
Relakks
* You must trust the corporation
Free/Open Source:
Incognito Live CD
Portable Tor
OperaTor
there are many alternatives to tor, if all you want to do is hide or protect your data from a local attacker, a single-hop proxy is a fine solution
the risk with single hop proxies and commercial tor providers, are you have to wholly trust the provider. if your threat model involves the legal system, tor may be a better answer.
livecd's are a fine solution if you dont want to leave a trace, simply boot into the operating system on the cd, use it, and eject, nothing was written to disk.

12. Help? Documentation (torproject.org/documentation) Mailing lists
OR-talk
wiki.torproject.org
IRC channel (#tor on irc.oftc.net) Me
as we're a small, technical organization, our documentation is technical. it's included in the vidalia bundles, and on our website. there are mailing lists and irc channels to help out. at worst, if you get stuck, or need help, feel free to me or others, tor-assistants is a fine list of dedicated volunteers who can answer your questions
we'd love help making our documentation more non-technical and user friendly

13. Live Demo
and now, for a live demo, before we being, any questions?

14. Copyright
who uses tor? /sizes/l/, Matt Westervelt
danger!, /sizes/l/, Luka Skracic
250k, /sizes/l/, Camera Chick