mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2026-06-26 03:34:45 +00:00
fix: Wiki in-article images moved to proper locations
This commit is contained in:
@@ -86,7 +86,7 @@ P2P networks do not use servers, as peers communicate directly between each othe
|
||||
|
||||
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
|
||||
|
||||
There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](../tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
|
||||
There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](../tor-overview/_index.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
|
||||
|
||||
Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
|
||||
|
||||
|
||||
@@ -131,7 +131,7 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
|
||||
|
||||
## Why **shouldn't** I use encrypted DNS?
|
||||
|
||||
In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](tor-overview.md) or a [VPN](../../tools/services/vpn/_index.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
|
||||
In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](tor-overview/_index.md) or a [VPN](../../tools/services/vpn/_index.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
|
||||
|
||||
When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS:
|
||||
|
||||
|
||||
@@ -87,7 +87,7 @@ If you go this route, make sure to purchase Monero at different times and in dif
|
||||
|
||||
When you're making a payment in person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself.
|
||||
|
||||
When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../../tools/services/vpn/_index.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
|
||||
When purchasing online, ideally you should do so over [Tor](tor-overview/_index.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../../tools/services/vpn/_index.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
|
||||
|
||||
<!-- TODO: Admonition -->
|
||||
<div class="admonition tip" markdown>
|
||||
|
||||
@@ -4,11 +4,11 @@ weight: 20
|
||||
description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible.
|
||||
---
|
||||
|
||||
{ align=right }
|
||||
|
||||
|
||||
[**Tor**](../../tools/advanced/alternative-networks/_index.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
|
||||
|
||||
[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor){ .md-button }
|
||||
[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor)
|
||||
|
||||
Tor works by routing your internet traffic through volunteer-operated servers instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
|
||||
|
||||
@@ -31,7 +31,7 @@ If you have the ability to access a trusted VPN provider and **any** of the foll
|
||||
- Your threat model includes your ISP itself as an adversary
|
||||
- Your threat model includes local network administrators before your ISP as an adversary
|
||||
|
||||
Because we already [generally recommend](../basics/vpn-overview.md) that the vast majority of people use a trusted VPN provider for a variety of reasons, the following recommendation about connecting to Tor via a VPN likely applies to you. <mark>There is no need to disable your VPN before connecting to Tor</mark>, as some online resources would lead you to believe.
|
||||
Because we already [generally recommend](../../basics/vpn-overview.md) that the vast majority of people use a trusted VPN provider for a variety of reasons, the following recommendation about connecting to Tor via a VPN likely applies to you. <mark>There is no need to disable your VPN before connecting to Tor</mark>, as some online resources would lead you to believe.
|
||||
|
||||
Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic [has been done](https://edition.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax) in the past by network administrators to identify and deanonymize specific Tor users on their network. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries with heavy internet restrictions.
|
||||
|
||||
@@ -100,7 +100,7 @@ Additionally, Tor Browser is based on Firefox's Extended Support Release builds,
|
||||
1. Look for new Critical/High vulnerabilities in Firefox nightly or beta builds, then check if they are exploitable in Tor Browser (this vulnerability period can last weeks).
|
||||
2. Chain *multiple* Medium/Low vulnerabilities together until they get the level of access they're looking for (this vulnerability period can last months or longer).
|
||||
|
||||
Those at risk of browser vulnerabilities should consider additional protections to defend against Tor Browser exploits, such as using Whonix in [Qubes](../os/qubes/_index.md) to contain your Tor browsing in a secure virtual machine and protect against leaks.
|
||||
Those at risk of browser vulnerabilities should consider additional protections to defend against Tor Browser exploits, such as using Whonix in [Qubes](../../os/qubes/_index.md) to contain your Tor browsing in a secure virtual machine and protect against leaks.
|
||||
|
||||
## Path Building to Clearnet Services
|
||||
|
||||
@@ -109,8 +109,8 @@ Those at risk of browser vulnerabilities should consider additional protections
|
||||
Every time you [connect to Tor](../../tools/software/tor/_index.md), it will choose three nodes to build a path to the internet—this path is called a "circuit."
|
||||
|
||||
<figure markdown>
|
||||
|
||||
|
||||
|
||||
|
||||
<figcaption>Tor circuit pathway</figcaption>
|
||||
</figure>
|
||||
|
||||
@@ -145,8 +145,8 @@ The exit node will be chosen at random from all available Tor nodes ran with an
|
||||
Connecting to an Onion Service in Tor works very similarly to connecting to a clearnet service, but your traffic is routed through a total of **six** nodes before reaching the destination server. Just like before, however, only three of these nodes are contributing to *your* anonymity, the other three nodes protect *the Onion Service's* anonymity, hiding the website's true IP and location in the same manner that Tor Browser is hiding yours.
|
||||
|
||||
<figure style="width:100%" markdown>
|
||||
|
||||
|
||||
|
||||
|
||||
<figcaption>Tor circuit pathway with Onion Services. Nodes in the <span class="pg-blue">blue</span> fence belong to your browser, while nodes in the <span class="pg-red">red</span> fence belong to the server, so their identity is hidden from you.</figcaption>
|
||||
</figure>
|
||||
|
||||
@@ -165,8 +165,8 @@ Once Tor has built a circuit, data transmission is done as follows:
|
||||
Below is an alternative diagram showing the process. Each node removes its own layer of encryption, and when the destination server returns data, the same process happens entirely in reverse. For example, the exit node does not know who you are, but it does know which node it came from, and so it adds its own layer of encryption and sends it back.
|
||||
|
||||
<figure markdown>
|
||||
|
||||
|
||||
|
||||
|
||||
<figcaption>Sending and receiving data through the Tor Network</figcaption>
|
||||
</figure>
|
||||
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><linearGradient id="linearGradient9148" x1="256" x2="256" y1="512" gradientUnits="userSpaceOnUse" xlink:href="#linearGradient-1"/><linearGradient id="linearGradient-1" x1=".5" x2=".5" y1="1"><stop stop-color="#420C5D" offset="0"/><stop stop-color="#951AD1" offset="1"/></linearGradient><filter id="filter-3" x="-.13853" y="-.052174" width="1.2424" height="1.1043"><feOffset dx="-8" dy="0" in="SourceAlpha" result="shadowOffsetOuter1"/><feGaussianBlur in="shadowOffsetOuter1" result="shadowBlurOuter1" stdDeviation="10"/><feColorMatrix in="shadowBlurOuter1" values="0 0 0 0 0.250980392 0 0 0 0 0.250980392 0 0 0 0 0.250980392 0 0 0 0.2 0"/></filter><linearGradient id="linearGradient9150" x1="198.27" x2="198.27" y1="346.53" y2="20.551" gradientTransform="scale(.70864 1.4111)" gradientUnits="userSpaceOnUse" xlink:href="#linearGradient-1"/></defs><g id="Assets" transform="matrix(.066017 0 0 .066017 .032876 -.00026436)" fill="none" fill-rule="evenodd"><g id="Group"><g id="tb_icon/Stable"><g id="Stable"><circle id="background" cx="256" cy="256" r="246" fill="#f2e4ff" fill-rule="nonzero"/><path id="center" d="m256.53 465.44v-31.033c98.301-0.28386 177.9-80.042 177.9-178.41 0-98.365-79.595-178.12-177.9-178.41v-31.033c115.44 0.29096 208.92 93.937 208.92 209.44 0 115.51-93.482 209.16-208.92 209.45zm0-108.62c55.445-0.29095 100.32-45.304 100.32-100.83 0-55.516-44.878-100.53-100.32-100.82v-31.026c72.59 0.28386 131.36 59.192 131.36 131.85 0 72.661-58.766 131.57-131.36 131.85zm0-155.1c29.742 0.28386 53.777 24.462 53.777 54.274 0 29.82-24.036 53.997-53.777 54.281zm-256.53 54.274c0 141.39 114.61 256.01 256 256.01 141.38 0 256-114.62 256-256.01 0-141.38-114.62-255.99-256-255.99-141.39 0-256 114.61-256 255.99z" fill="url(#linearGradient9148)"/><g id="half" transform="matrix(-1,0,0,1,281,0)"><path d="m25 29c127.58 0 231 102.97 231 230s-103.42 230-231 230z" fill="#000" filter="url(#filter-3)"/><path d="m25 29c127.58 0 231 102.97 231 230s-103.42 230-231 230z" fill="url(#linearGradient9150)" fill-rule="evenodd"/></g></g></g></g></g></svg>
|
||||
|
After Width: | Height: | Size: 2.1 KiB |
Reference in New Issue
Block a user