According to the Tor Project website:
“Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor’s users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features.”
This article is an excerpt taken from the book, Hands-On Dark Web Analysis written by Sion Retzkin. In this book, you will learn how to install operating systems and Tor Browser for privacy, security, and anonymity while accessing them. In this article, we will understand what Tor and the Tor browser is and how to install it in several ways.
Tor (which is an acronym for The Onion Router, by the way) is a privacy-focused network that hides your traffic, by routing it through multiple random servers on the Tor network.
So, instead of the packets that make up your communication with another party (person or organization), going from point A to B directly, using Tor, they will jump all over the place, between multiple servers, before reaching point B, hiding the trail.
Additionally, the packets that make up the traffic (or communication) in the Tor network are wrapped in special layers, which only show the previous server or step that the packet came from, and the next step, hiding the entire route effectively.
Tor Browser is a web browser, based on Firefox that was created for the purpose of accessing the Tor network, securely and privately.
Even if you use Tor, this doesn’t mean that you’re secure. Why is that? Because Tor Browser has software vulnerabilities, the same as every other browser. It’s also based on Firefox, so it inherits some of its vulnerabilities from there as well.
You can minimize attack vectors by applying common security sense, and by employing various tools to try to limit or prevent malicious activity, related to infecting the Tor Browser or the host running it.
Installing Tor on Linux
Let’s start with a classic installation, by accessing the Tor Project website, via a browser. The default browser that ships with Ubuntu is Firefox, which is what we’ll use.
Although you might think that this would be the best way to install Tor Browser, it’s actually the least secure, since the Tor Project website is continuously targeted by hackers and might have any number of security or privacy issues on it.
Instead of just downloading Tor Browser and immediately installing it (which is dangerous), you can either download the file and verify its hash (to verify that it is indeed the correct one), or you could install it through other methods, for example, via the Terminal, by using Linux commands, or from the Ubuntu Software Center.
We’ll start by going over the steps to download Tor Browser from the Tor Project website:
- After booting your Linux installation, open your browser
- Enter the following address and navigate to it: https://www.torproject.org/download/download-easy.html.en#linux.
Notice that the URL takes you directly to the Linux download section of the Tor Project website.
I usually prefer this direct method, rather than starting with Google (or any other search engine), searching for Tor, and then accessing the Tor Project website, since, as you may know, Google collects information about users accessing it, and the whole idea of this book is to maintain our privacy and security. Also, always verify that you’re accessing the Tor Project website via HTTPS.
- Choose the correct architecture (32 or 64 bit), and click the Download link.
- You’ll be able to choose what you want to do with the file—open it with Ubuntu’s Archive Manager, or save it to a location on the disk:
Downloading Tor Browser
Again, the quickest way to go would be to open the compressed file, but the more secure way would be to download the file and to verify its hash, before doing anything else.
The Tor Project provides GNU Privacy Guard (GPG) signature files, with each version of Tor Browser. You will need to install GnuPG on your Linux OS, if it isn’t there already, in order to be able to verify the hash of the browser package.
To do so, just open the Terminal and type in the following:
sudo apt install gnupg
Enter your password when required, and the installation will commence.
Most Linux installations already include gnupg, as can be seen in the following screenshot:
After installing GnuPG, you need to import the key that signed the package. According to the Tor Project website, the Tor Browser import key is 0x4e2C6e8793298290.
The Tor Project updates and changes the keys from time to time, so you can always navigate to: https://www.torproject.org/docs/verifying-signatures.html.en to find the current import key if the one in the book doesn’t work.
The command to import the key is as follows:
gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4e2C6e8793298290
This is followed by this:
gpg --fingerprint 0x4e2C6e8793298290
This will tell you whether the key fingerprint is correct.
You should see the following:
Verify key fingerprint
Now, you need to download the .asc file, which is found on the Tor Browser Downloads page, next to the relevant package of the browser (it appears as sig, short for signature):
ASC file location
You can find the Tor Browser download page here: https://www.torproject.org/projects/torbrowser.html
Now, you can verify the signature of the package, using the ASC file.
To do so, enter the following command in the Terminal:
gpg --verify tor-browser-linux64-7.5.6_en-US.tar.xz.asc tor-browser-linux64-7.5.6_en-US.tar.xz
Note the 64 that I marked in bold. If your OS is 32-bit, change the number to 32.
The result you should get is as follows:
Verifying the signature
After verifying the hash (signature) of the Tor Browser package, you can install it.
You can do so by either:
- Double-clicking the Tor Browser package file (which will open up the Archive Manager program), clicking Extract, and choosing the location of your choice.
- Right-clicking the file and choosing Extract here or Extract to and choosing a location.
After extracting, perform the following steps:
- Navigate to the location you defined.
- Double-click on the Start-tor-browser.desktop file to launch Tor Browser.
- Press Trust and Launch in the window that appears:
Notice that the filename and icon changed to Tor Browser.
- Press Connect and you will be connected to the Tor network, and will be able to browse it, using Tor Browser:
Connecting to Tor
Before we discuss using Tor Browser, let’s talk about alternative ways to install it, for example, by using the Ubuntu Software application.
- Start by clicking on the Ubuntu Software icon:
- Search for Tor Browser, then click on the relevant result:
Tor Browser in Ubuntu Software
- Then, click Install.
- After entering your password, the installation process will start. When it ends, click Launch to start Tor Browser.
Installing Tor Browser via the Terminal, from the downloaded package
Another way to install Tor is to use commands, via the Terminal.
There are several ways to do so, as follows:
- First, download the required Tor Browser package from the website
- Verify the download, as we discussed before, and then keep the Terminal open
- Navigate to the location where you downloaded Tor, by entering the following command:
For example, note the following:
- Then, launch Tor Browser by running the following:
Never launch Tor as root (or with the sudo command).
Installing the Tor Browser entirely via the Terminal
Next, we’ll discuss how to install Tor entirely via the Terminal:
- First, launch the Terminal, as before.
- Then, execute the following command:
sudo apt install torbrowser-launcher
This command will install the Tor Browser.
We need root access to install an app, not to launch it.
- You can then run Tor by executing the following command:
Thus, in this post, we talked about Tor, Tor Browser, how to install it in several ways, and how to use it. If you’ve enjoyed this post and want to know more about the concept of the Deep Web and the Dark Web and their significance in the security sector, head over to the book Hands-On Dark Web Analysis.