When you go online, you leave tracks all over the place. You could be hanging out with friends on IM, checking out websites, or downloading music. If you live in a country where snoops are prying into what ordinary citizens do online (lke, um, the US) you want a way to cover those tracks.

If you're in school, though, then it's even worse. No matter what country you're in, chances are that your access to the internets is as snooped-on as any police state in the world.

So, how do we escape our little virtual prisons? In this Instructable, I'll tell you about something called Tor (The Onion Router.) I'll tell you how it works, and then offer some simple instructions on how to get your web browser hooked up. No more getting snooped!

Step 1: How Tor Works

An "onion router" is an Internet site that takes requests for web-pages and passes them onto other onion routers, and on to other onion routers, until one of them finally decides to fetch the page and pass it back through the layers of the onion until it reaches you. The traffic to the onion-routers is encrypted, which means that the school can’t see what you’re asking for, and the layers of the onion don’t know who they’re working for. There are millions of nodes—the program was set up by the US Office of Naval Research to help their people get around the censorware in countries like Syria and China, which means that it’s perfectly designed for operating in the confines of an average American high-school.

Tor works because the school has a finite blacklist of naughty addresses we aren’t to visit, and the addresses of the nodes change all the time—no way could the school keep track of them all.

There's a more complete overview, here, but let's get on to installing Tor.
I'm sorry - this is a nice article but I strongly advise against anyone considering doing this. - Using TOR is not as secure as a lot of people think:<br/><br/>The TOR network works by channeling your data through a chain of highly encrypted SSH proxy tunnels, a so called &quot;proxy chain&quot;. <br/><br/>If you visit, for example, this link: <a rel="nofollow" href="http://www.google.com/search?hl=en&amp;q=paris+hilton,">http://www.google.com/search?hl=en&amp;q=paris+hilton,</a> your request will be encrypted and tunnelled to another TOR user, then another, then another and so on. Your data could be passed around 20 times. The other TOR users cannot see the link you typed in (as it is encrypted). This sounds very very secure. <br/><br/>However, the data has the be decrypted again before google can understand what you searched for. In order to do this, the last TOR user in a proxy chain is called an &quot;exit node&quot;. The exit node decrypts the data, contacts google for your results, encrypts the results and sends them back through the chain to you.<br/><br/>Sound secure so far? Well, actually, it does.<br/><br/>But what happens if the exit node runs a packet sniffer (like Wireshark) on their computer to monitor outgoing network connections? The url you typed in appears in plain text on their screen. They don't know who you are, but they saw what you did.<br/><br/>I hear you ask; &quot;So what? - I don't care if a random Ukranian sees that I searched for 'Paris Hilton'.&quot; True. Most random Ukranians won't care at all if you searched for Paris Hilton. In fact, they may enjoy calling up the same link you searched for. But what about if you had been reading your hotmail email instead? - They get to see what you typed and to who you sent it.<br/><br/>The problem gets even worse if you start channeling E-Mail and Instant messenger programs through TOR. The POP3 E-Mail protocol sends usernames and passwords in PLAIN TEXT to the mail server. This means, that an exit node could sniff outgoing traffic and steal your email account. - They could then probably go to Paypal.com and request that your password be sent to your registered email address. The would then steal your Paypal information directly from your email account. - Is it sounding very secure now? Bye bye money.<br/><br/>But that isn't all... Some exit nodes act as bridges between you and the website you want to access, altering the data before it is send back to you. e.g. They could change all references to the name, &quot;Paris Hilton&quot; into &quot;Bill Gates&quot;. - All of a sudden, you aren't looking at the innocent pictures you intended. <br/><br/>Even worse: It is possible for exit nodes to dynamically swap out SSL certificates of secure websites. If you called up <a rel="nofollow" href="https://www.myreallysecurebank.com">https://www.myreallysecurebank.com</a> over TOR, you might be sent back an SSL certificate which doesn't actually belong to your bank. - This would mean that your login details for your online banking are also visible to the exit node. - Bye bye money, again.<br/><br/>Sorry to rant on, but this should really be known before anyone tries to use the TOR network.<br/><br/>I am not saying TOR is bad - but don't ever consider sending anything personal over it or you might end up with less security than you bargained for.<br/><br/>Thanks<br/><br/>Dave from Germany.<br/>
Another thing; some school security filters are programmed to detect proxy servers, and content, not specific sites<br />
I get what you are trying to say but for things non email and IM would it be safe to use?
Hi Dave,<br /> <br /> I am a random Ukrainian (in US)&nbsp;but I will snoop your packets, no doubt, no doubt at all.<br /> <br /> TOR&nbsp;users - you have been warned.<br /> <br /> Sincerely,<br /> Random&nbsp;Ukrainian - Thorax Impailor<br />
Please explain in simpler terms, I'm afraid I don't understand. <br />
the last computer it goes through is the one that decrypts it, and therefore can see in plain text what it is you put in i.e. google search, personnel information
Tor doesn't claim to solve all your Internet security problems.<br/><br/>It does protect you against determination of your location by the Internet sites you visit, and against traffic analysis -- inspection of your destinations by a person looking at your computer's link. It can get your communications through a hostile filter or firewall, because it encrypts the links from your computer to the Tor entry node, and at all points between there and the exit (3 hops, if you haven't changed configuration). <br/><br/>If you want to communicate securely, you should still use encryption direct to your destination (https), and you should heed browser warnings if the SSL security certificates don't match. <br/>
How does it do this, and when I tried it, I typed in <a rel="nofollow" href="https://google.com,">https://google.com,</a> and it just switched back to <a rel="nofollow" href="http://google.com,">http://google.com,</a> am I doing it wrong?<br/>
Secure sites. Uses encryption.
higly informative and very,very true...
Very good point...though I doubt someone would need to use TOR to use the bank...
Tanzst auf dein computer, Dave from Deutschland!
if that is the case, what alternatives do we have?
Thank you for that.
Thanks for writing that, very informative.
<p>This occurred partly because he so reasonably designed his assumption that the unsophisticated 18th millennium visitors took him quite basically and were absolutely aghast at the proposal. &lt;a href=&quot;http://www.bbf-bd.org/&quot;&gt;bbf-bd&lt;/a&gt;</p>
<p>great 'Ible. I am planning to make a tails bootable USB fpr secure everything cuz it uses tor and other stuff</p>
<br> To stay anonymous online, I use HotspotShield. Free app, easy to use and pretty <br> fast :)<br><ul><li>Desktop (Windows &amp; Mac): <a href="http://bit.ly/1zvHUpE" rel="nofollow">http://bit.ly/1zvHUpE</a><li>Android: <a href="http://bit.ly/1mVAkmV" rel="nofollow">http://bit.ly/1mVAkmV</a><li>iOS: <a href="http://bit.ly/1uHKqGG" rel="nofollow">http://bit.ly/1uHKqGG</a></ul> <br>
<p>All I wanted to do is visit the dark web sight &quot;The silk road&quot; Is this fine?</p>
So I'm at school right now, could anyone please upload the browser into a comment so it can be downloaded directly?
i have the same question as sandshock. the security system im trying to get past is the K9 web protection. and all i really want is to download music and get on facebook. however when i installed the firefox add thing. and then i clicked it so it was saying it was activated, it froze the page. i was unable to click on any links to go to another page. and it wasnt letting me go to sites. it was saying the proxy wasnt allowing it. how do i fix this problem?<br />
download tor browser bundle
use Tor to go on DEEP WEB for some fun
This is the link for the HIDDEN WIKI ===&gt; http://7jguhsfwruviatqe.onion/index.php/Main_Page <br>you have to use TOR to view this <br> <br>or in a regular browser do this https://7jguhsfwruviatqe.onion.to/index.php/Main_Page <br> <br>this is through a proxy. whatever you do on the wiki please be careful with what you click on because there is a lot of CP on deepweb
this as been around since years back but only juz now are you reading about it in the news i think people would be dumb to use everything on your pc is saved in temp files if one of these links get shared with nearly all are,when you clean your browser remove apps install and uninstall browsers the info iis passed to micro-soft to help improve performances this is also being used to share and sell things like child porn which needs to be stopped as its a encouragement to these sickos ide advise that any download links to these sites or browsers should be removed from the normal internet full stop
I agree, I use Opera, I for some reason never took a liking to Firefox.
Awesome it works
I dont see why you cant install this on a flashdrive and then use it on any computer.
Actually, you can. They have a bundle you can download that's designed for exactly that.
Very nice. Like the last step. But, If I'm on a school computer that isn't a SchoolBook, and it runs explorer, do I install Firefox? What if I like chrome better? Is there a tor set up for chrome? Please post tor instructions for other browsers. Djcw (Your friendly neighborhood Sort of, not really kind of anti-over-governmental libertarian)
This is great. Is there a how-to on setting up a pirate party email?
I saw the same thing in Little Brother. I am not quite sure.
two questions. &nbsp;1) do you have to install this, even if you do the firefox thing? &nbsp;2) do you have to have administrator access to install this?
I know I made a instructable on this to, but isnt this a word for word copy of the book little brother. Its great and all, but I'm wondering if you should state that its from the book, and that you didnt write it yourself. uness your the author of course. If you are, thought that book was great.
&nbsp;Note the author's name...<br /> <br /> And it's linked from the ebook version straight from Doctorow's site, so I think he knows and is cool with it.<br />
Why are so many of the featured software instructables just people copying the how-to? Why are we rewarding people for unoriginal work?
Don't quote me on this, but I heard that this was made by the United States Navy. Any one know if that is true?
While this will give you some protection you might want to ask questions like hrm what happens if my box is the server sending information that some unknown person is looking for and they grab my ip instead? Annotherwords if you are running this as a server sooner or later you will be sending data that someone else requested. If that data is suspect it can be traced to the wrong party and has in the past. be aware. Sunset1
One of the great things about Tor is, that this guy forgot, is that its encrypted. If someone runs something that comes off your computer, you cant see it, but nobody else can see it came from you (unless your the only german person running tor at the time and google comes up in german) Also, you have to agree to be a volunteer to let other people use your computer as a bounce off point. Finally, the request and webpage is bounced off so many different IP addresses that it is impossible for anyone to tell where exactly it came from, so anyone who uses Tor is well protected from false accusations.
good point ill be carefull.
not for secure transmission, but a good way to screw with your big brother overlords.
Well this sounds really cool but it wouldn't be any good at my school. First of all the program files and such are all stored on a network so basically you can't install anything without access to it. My school has Firefox that works on some computers but on the majority it will not work. Of coarse I could always make a precice copy of my schools whole system stick it on a usb and boot from that lol.
I am currently running the same version of Tor on A U3 drive that would typically be used non-portably. There is no need for a portable version. Just save it in the downloads folder.
try a portable version that runs off USB or CD:<br/><a rel="nofollow" href="http://portabletor.sourceforge.net">http://portabletor.sourceforge.net</a><br/><a rel="nofollow" href="http://www.browseanonymouslyanywhere.com/incognito">http://www.browseanonymouslyanywhere.com/incognito</a><br/>
I would be wary of using tor button, if you look at the comments a lot of people are complaining that it leaks information to alexa, which pretty much kills the point of using it. (I haven't personally checked the validity of those claims, but just a quick heads up for anyone who cares)
tor button can compromise your anonymity if you toggle it on and off without closing your browser.<br/><br/>here's an example: you are logged in to some sort or message board via tor. in another tab you are checking your web based email. your email is slow or not usable via tor, so you toggle it off while you are checking your mail. meanwhile in another tab, your politically sensitive message board view refreshes, essentially causing you to request the page without using tor, since you turned it off to check your email.<br/><br/>so, log out of everything and close your browser before toggling tor button. log out and close before turning it off, log out and close before turning it back on.<br/><br/>it is mentioned in detail in this talk from defcon:<br/><a rel="nofollow" href="http://video.google.com/videoplay?docid=-9081582671026610093&amp;q=defcon+roysac.com+dingledine&amp;total=1&amp;start=0&amp;num=10&amp;so=0&amp;type=search&amp;plindex=0">http://video.google.com/videoplay?docid=-9081582671026610093&amp;q=defcon+roysac.com+dingledine&amp;total=1&amp;start=0&amp;num=10&amp;so=0&amp;type=search&amp;plindex=0</a> <br/>
kinda sad because i was going to post an ible about tor, then i found this because i slacked off :(
Spreading the word about the existence of Tor for client side use is all well and good, but it is a passive activity, which depends on the goodwill of altruistic volunteers.<br/><br/>If you have tried Tor and found it to be frustratingly slow sometimes, then you can increase your Personal Anonymity online (not to be confused with the allied, but different concepts of Confidentiality or Privacy or Security) by running a <a rel="nofollow" href="https://www.torproject.org/docs/tor-doc-relay.html.en">Tor Exit relay node</a> on your home or office network, and getting your gateway / firewall to allow or map the appropriate ports through to the Tor server machine.<br/><br/>Currently the Tor relay node cloud has about 2000 nodes, about half of which act as Exit Nodes. Only about half of Tor nodes are actually online and available at any one time. These Tor Exit nodes and relays are run by volunteers - see this <a rel="nofollow" href="https://torstat.xenobite.eu/">Tor network status</a> page. <br/><br/>The differences between various countries , especially regarding their relative internet infrastructure, is interesting, and, frankly, rather shameful for certain countries. Germany has the most Tor relays and Tor Exit nodes, followed by the USA, then China.. Many so called democracies with millions of broadband internet users only host a handful of Tor nodes e.g. Japan or the United Kingdom (no language difficulty excuse).<br/><br/>&quot;Anonymity likes crowds&quot;, so your own web browsing via, say, your home ADSL gateway, will be hidden amongst all the traffic you are getting from around the world, which is also exiting from that gateway's IP address., usually for no more than 10 minutes at a time from any one anonymous Tor user.<br/><br/>This increases your &quot;plausible deniability&quot; and increases the time and effort which casual snoopers need in order to try to analyse your internet connectivity patterns. <br/><br/>That may not be sufficient to deter law enforcement or intelligence agency snoopers if you are part of an active investigation, but it might put them off arbitrary data trawling.<br/><br/>If you have some spare broadband bandwidth, perhaps at night or at weekends, please consider running, even a part time, bandwidth limited Tor relay. <br/><br/>If you want to be part of the freedom and liberty loving elite, who actually do something really positive, then you should run a Tor Exit node.<br/>

About This Instructable


177 favorites


Bio: Taking back the world, one hacked game console at a time ... Have you ever felt like the technology you love could be used against you ... More »
More by m1k3y: Go Online without Getting Snooped: Tor (The Onion Router) How to blend in with crowds. How to lie to authority figures
Add instructable to: