TOR what does it do?

[notahopeinhell]

Hi, guys

First thing to say is my knowledge of computing is limited!!

I have heard of TOR and wondered if it had any benefit in regards to online banking and security generally as I currently won't use online banking because of security issues - real or imaginery.

Although it claims to provide anonymous internet access I assume your ISP would know what sites you visit and that would be a security risk and also the bank would have to identify you wouldn't it?

I have read up about it from the help page on here but in truth I am as confused as ever.

Any clarification would be helpful.

Thanks.

[MichaelNyby]

With all due respect, if you don't trust your ISP you really need to change your ISP.

By the way, I wouldn't use TOR for online banking, or credit card transactions.

You should be able to find a fair bit of information why TOR isn't so secure for such activities.

But you not trusting your ISP is a bigger problem.

But it is probably not so good to discuss who your ISP is and why you don't trust them, unless site management indicates that is okay.

[Allan]

https://www.torproject.org/

[notahopeinhell]

Hi, Michael

I think I have misled you inadvertently I have no problem with my ISP at all what I meant to say was if your ISP know you are logging on to a bank site isn't that a security risk as a virus would also see who you are - not that I'm claiming the ISP is guilty of anything.

I'm probably not really explaining myself very well mainly because of lack of understanding on my part but hope that clarifies what I meant?   

Having read a bit about TOR - much of which i found confusing - I still don't get how you can be anonymous. 

If you don't recommend using my credit card with TOR or for online banking I'll give it a miss!!   

Thanks for your input.


 

[MichaelNyby]

My view is that an ISP is going to have top notch security in place and so should you.  So if you and your ISP are keeping yourselves protected then there should be no problem using your own work station for such things as online banking and credit card stuff, etc.

Quite frankly, the TOR project is meant to mask your IP address and I suspect your bank might even have security that will pick up on any masking and that will set off alarm bells with their security software.

But it will be interesting to read what other folks here think about this.

[camerongray]

What ToR does is route your internet traffic through a network of random computers all over the internet to make it harder to trace your actions back to yourself.  It is commonly used for nefarious purposes or by people who want the illusion of privacy.

Your connection to your bank is almost always (unless we are talking about a totally incompetent bank) going to use SSL encryption (https://) -  This means that your data is encrypted end to end, from when it leaves your PC to when it reaches the bank's computers - Your ISP cannot read this data, all they can see is that you are sending encrypted data to the bank.  With online banking, your account is extremely unlikely to be compromised over the network, if anything you would have your login details collected if you had a virus on your computer.

If I'm honest, using ToR for "privacy" or "security" is a bit silly, all it does is first of all route traffic through random people's computers (which IMO could actually make your data less secure), it has already been seen that some nodes on the ToR network have either been compromised or are run by the NSA.  And in the end, if you are trying to stay away from any sort of surveillance, using ToR shows that you are possibly up to no good.

Michael also makes a very interesting point, Bank's websites are often built to lock accounts that are suspected to be under attack, if you connect using ToR and are therefore detected as connecting from different countries all around the world, this could well be enough to lock you out.

[notahopeinhell]

Hi, guys

Thanks for your advice, both of you, I think I'll give TOR a miss as it clearly isn't as secure as I assumed!!

I have a free anti virus package (Avast) which so far appears to keep me protected and as has been said both my ISP
and bank should have something better in place as well.

Don't know if the paid for packages are significantly better but so far so good.

Thanks again. 

[BC_Programmer]

what I meant to say was if your ISP know you are logging on to a bank site isn't that a security risk as a virus would also see who you are?

Just responding to this bit/question specifically.

The ISP "knows who you are" because they are responsible for providing you with internet service. If somebody at the ISP wanted to watch everything you did, they could do so, in the same way that a person at the phone company could tap any of your phone calls. Of course BOTH if these are illegal, so we can safely assume this does not happen for the purpose of a hypothetical.

Viruses aren't something that "floats" around the internet like say the cold or a flu; malicious software get's installed via exploits and other mechanisms onto your system.

Once a virus has gotten onto your system, how you access the internet will not matter, because the virus is on your system and can do anything it wants.

For connections to banks or other financial sites, you'll typically connect with a secure connection. This is done to prevent what is known as a "man in the middle" attack, whereby a third party can intercept or see the data being transferred between your system and the bank to determine things like your passwords or security codes and such. This seems like it is the sort of thing you were referring to, and it is prevented by using encryption. Most logins nowadays connect via SSL to prevent this.

it has already been seen that some nodes on the ToR network have either been compromised or are run by the NSA.

In fact, Tor (or rather Onion routing) was created by the U.S Government. it is odd that the Anarcho-capitalists would come to rely on a tool initially created by the entity that they are trying to "protect themselves" from.

[notahopeinhell]

hi, BC

Thanks for that extra insight into how things work - it's never to late  to learn stuff!!

The bit about people using TOR to access the WEB "secretly" puzzled me as your ISP (should they choose) can see what you are doing which is why I can't figure out all this recent publicity about the "dark web" surely in truth there can't be any such thing or maybe I'm just getting even more confused.

As you say it does seem ironic that those who don't like the idea that nosy governments and security people can spy on them should use the very tool the state created. 

I suppose in countries where authoritarian regimes ban opposition and legitimate protest movements then keeping your identity secret could be very important indeed and in truth we know that even our western democracies aren't particularly fussy about what they do and how they spy on us.
 
Thanks again for your response.