Commit b383e652 authored by Tails developers's avatar Tails developers
Browse files

doc: Merge some stuff from /doc/about/anonymity.

parent ad5ef75f
......@@ -33,74 +33,7 @@ Internet can be read by many computers that relay them.
# <a name="how"></a>How does Tails provide with anonymity?
**FIXME**: semi-duplicated section: this and the [[about]] page are
duplicated information. Merge or inline the [[about]] page (whithout what's
next) here?
First of all, true anonymity is impossible. Given enough resources an
attacker will get you. What one can do is to make the cost of doing
that so high that it becomes infeasible.
Tails tries to do this by sending all your Internet traffic through
the [Tor™ network](https://www.torproject.org/) which makes your
Internet traffic very hard to trace. If someone tries to trace you
when you are using Tails, the trail will stop somewhere in Tor
network with the IP addresses of some of its participants, not your.
Similarly, if someone tries to see destination of your traffic, they
will only reach as far as some computer in the Tor network. In fact,
you will be the only one knowing exactly what is going on – not even
the computers in the Tor network that you send your traffic through
will know the whole picture!
As at least a rudimentary understanding of Tor currently is essential
for using it securely (and knowing its limits) we strongly recommend
reading the [Tor overview](https://www.torproject.org/overview.html)
and [Understanding and Using Tor – An Introduction for the
Layman](https://wiki.torproject.org/noreply/TheOnionRouter/TorALaymansGuide).
At the very least you should read the following paragraphs about
common misconceptions about the service offered by the Tor software.
**FIXME**: start of session duplicated with warning
By relaying your Internet traffic through the Tor network (which
Tails does per default) your communications should _only_ be
considered to be untraceable back to the computer you use, not
encrypted or in any other way unreadable by others. While the traffic
_is_ encrypted when it leaves your computer and when you get back your
responses, it will not necessarily be so when sent between the Tor
network and your destination (this is unavoidable for technical
reasons). This means that an eavesdropper at some later point will be
able see your traffic without Tor's encryption unless you take further
precautions (described [later on](#ff)), but will not be able to link
it back to your computer.
As such, if you are sending or receiving sensitive data whose
disclosure would be damaging in itself even if it is untraceable, you
need to use end-to-end encryption to hide the meaning of your data to
everyone except the recipient. Examples of such sensitive information
that you need to protect in this way are your real identity or other
personal information linkable to you, login details and passwords,
bank account or financial details, anything illegal or political, and
secrets in general.
There are several tools bundled with Tails offering end-to-end
encryption for various applications: [GnuPG](http://www.gnupg.org/)
provides with encryption for email,
[OTR](http://www.cypherpunks.ca/otr) is for instant messaging (MSN,
ICQ, IRC, etc.) among others.
Also, bear in mind that while web browsing on sites for whom the
addresses begin with `http://` the connections are not encrypted (see
[more about this](#ff)). However, web sites whose addresses start with
`https://` (notice the additional "**s**") use encrypted connections
and are thus **s**ecure. FIXME: tell a bit about certificates and
X.509 limits. Many web browsers, including Firefox, also display a
lock or a similar symbol in the address field or status bar indicating
that the connection is secure.
Notice that not all web sites offer this feature, but most that in any
way handle your data (webmail logins, bank account logins etc.)
usually do. Keep your eyes open!
**FIXME**: This still needs to be rescued somewhere:
Furthermore, most software bundled with Tails will warn you when
your previously encrypted connection switches to unencrypted mode: be
......@@ -115,17 +48,9 @@ Flash](http://en.wikipedia.org/wiki/Adobe_flash),
which have been shown to be able to defeat the anonymity provided by
the Tor network.
For instance, a web page using JavaScript can make your web browser
send your real IP address to the web server hosting the web page which
possibly can disclose it not only to the web server's owner but also
eavesdroppers that happen to fetch the message when it is sent between
the Tor network and the web server.
When running Iceweasel (Firefox) in Tails all such features are
handled by an extension called
[Torbutton](https://www.torproject.org/torbutton/) which does all
sorts of things to prevent the above type of attacks. But that comes
at a price – since this will disable some functionality, certain sites
might not work as intended.
**FIXME**: end of session duplicated with warning
......@@ -11,6 +11,8 @@ helping you making a good use of it.
Tor exit nodes can eavesdrop on communications
==============================================
**Tor is about hiding your location, not about encrypting your communication.**
Instead of taking a direct route from source to destination, communications
using the Tor network take a random pathway through several Tor relays that
cover your tracks. So no observer at any single point can tell where the data
......@@ -31,12 +33,11 @@ world by spying on the connections coming out of an exit node he was running.
See [Wired: Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's
Paradise.](http://www.wired.com/politics/security/news/2007/09/embassy_hacks).
**To protect yourself from such attacks you should use end-to-end encryption**
between you and the destination server, such as TLS, for example by choosing to
use HTTPS whenever it's possible. Fortunately, Tails includes HTTPS Everywhere,
a Firefox extension that switches automatically to HTTPS all your communications
to a number of major websites. See [EFF: HTTPS
Everywhere](https://www.eff.org/https-everywhere).
**To protect yourself from such attacks you should use end-to-end encryption.**
**Tails includes many tools to help you using strong encryption** while
browsing, sending email or chatting, as presented on our [[about
page|about#index3h1]].
Tails makes it clear that you are using Tor and probably Tails
==============================================================
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment