Tor Releases Alpha Version of Browser to Block certain De-anonymization Exploits

The Tor browser is a tool used by Edward Snowden, journalists, US government workers traveling overseas, terrorists, criminals, pedophiles, and people downloading movies and doing chat to protect their IP address from discovery. But recently there was a zero day defect that unmasked the identity of whoever was using it. So Tor has hardened its browser against that.   Here we given an overview of that.

The hardened Alpha version of Tor is here. You have to build that one from source code. The production version is here. Just download that one to use it.

Using Tor to Hide Your IP Address
When you visit a web set, you transmit your IP address to that site. That is necessary so that the website knows where to send the page you requested.

Tor, is opensource software that lets you mask your IP address. Tor, ironically, was developed with American Department of Defense funding. This is ironic because now their enemies are using it.

Why is Tor important? If law enforcement, content owners, or an intelligence agency knows you IP address then they can go to your ISP and, using a warrant or subpoena, make them hand over your name and address. So if you are downloading software or movies without paying for those then you can get sued. If you are breaking the law, you can be jailed.

What Tor does is use a distributed network of other people running Tor to bounce your request for a web page in a circuitous route around the internet.

Each Tor node does not know the IP address from where the data came nor where it is going. Instead it just knows the IP address of the next node where it is supposed to hand off the data that passes through it. Only the entry and exit node know the originating address. Even those two do not know both the source and target IP addresses, because that IP address data is encrypted in the Tor payload.

tor alpha version

FBI Exploits Weakness
Threatpost reports that in 2015, the FBI exploited a weakness found in Tor. They recorded the IP and MAC addresses of people who were visiting a child porn website.

The MAC address uniquely identifies a single computer, while the IP address only identities the router in a home or office, unless you are using a cell phone.

Because of NAT (network address translation), the IP address broadcast on the public internet is not enough to show exactly from which computer a request came when you use a router. That is because all the people in a home or small office share the same public IP address, since they all share the same router. The router translates that to the internal IP address on the home or small office network to send it to the respective computer.

Each computer networking card has a unique MAC address. That is like a serial number created when the network card was manufactured. This is true for any device that connects to any ethernet (i.e., internet) network.

Hardening Tor using Sandbox Containers
The new version of Tor runs in a sandbox that does not know the IP or MAC address of the user running the Tor browser. The idea of a sandbox is to run a process in a container that has limited access to the host operating system. Android, for example, recently added containers to its OS recently to harden them from hacking. So has Windows.

As you can imagine, since knowing the IP address is a key piece to using the internet (which is an IP network), getting the sandbox idea to work by the Tor project has been difficult, they say. So it is still in Alpha mode. Tor developers caution that it might still have other security problems.

The Alpha version only works on Linux, for now. The Tor developers say to also add Qubes, Subgraph, or Tails to further harden the OS against leaking the IP address if you want to use their Alpha version.

Bittorrent and Tor
Finally, users who want to use Tor should know that if you use the Tor browser that does not hide your IP address in a bittorrent client. To do that you would need to configure your bittorrent client to use the Tor proxy. After all the Tor browser is just a Mozilla/Firefox browser that has been compiled to use the Tor proxy server on the PC when the browser is started.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal