[Orbot] Mobile Anonymity + Circumvention

Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Orbot is the only app that creates a truly private internet connection. As the New York Times writes, “when a communication arrives from Tor, you can never know where or whom it’s from.” Tor won the 2012 Electronic Frontier Foundation (EFF) Pioneer Award.

Download Orbot

Tor Browser Bundle 3.5

The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series.

Packages are now available from the Tor download page as well

as the Tor Package archive.

For now, the Pluggable Transports-capable TBB is still a separate package, maintained by David Fifield.

For people already using TBB 3.5rc1, the changes are not substantial, and are included below.

However, for users of TBB 2.x and 3.0, this release includes important security updates to Firefox. All users are strongly encouraged to update immediately, as we will not be making further releases in the 2.x or 3.0 series.

In terms of user-facing changes from TBB 2.x, the 3.x series primarily features the replacement of Vidalia with a Firefox-based Tor controller called Tor Launcher. This has resulted in a vast decrease in startup times, and a vast increase in usability. We have also begun work on an FAQ page to handle common questions arising from this transition -- where Vidalia went, how to disable JavaScript, how to check signatures, etc.

The complete changelog for the 3.x series describes the changes since 2.x.

The set of changes since the 3.5rc1 release is:

• All Platforms
• Update Tor to 0.2.4.19
• Update Tor Launcher to 0.2.4.2
  • Bug 10382: Fix a Tor Launcher hang on TBB exit
• Update Torbutton to 1.6.5.2
• Misc: Switch update download URL back to download-easy    

Download Tor Browser Bundle 3.5

[Tor-ramdisk] Micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM

Tor-ramdisk is a uClibc-based micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM. For those not familiar with Tor, it is a system which allows the user to construct encrypted virtual tunnels which are randomly relayed between Tor servers (nodes) until the connection finally exits to its destination on the internet. The encryption and random relaying resist traffic analysis in that a malicious sniffer cannot easily discover where the traffic is coming from or what data it contains. While not perfect in its efforts to provide users with anonymity, Tor does help protect against unscrupulous companies, individuals or agencies from "watching us". For more information, see the Tor official site.

The usefulness of a RAM only environment for Tor became apparent to me when Janssen was arrested by the German police towards the end of July, 2007. (You can read the full story in a CNET article.) While the police did not seize the computer for whatever reasons, they certainly could have. More typically, it would have been taken for forensic analysis of the data on the drives. Of course, if the computer housing the Tor server has no drives, there can be no question that it is purely a network relaying device and that one should look elsewhere for the "goods".

Other advantages became clear:

• It is useful to operators that want all traces of the server to disappear on powerdown. This includes the private SSL keys which can be housed externally.
• The environment can be hardened in a manner specific to the limited needs of Tor.
• It has the usual speed advantages of diskless systems and can run on older hardware.

The only known disadvantage is that it cannot host Tor hidden services which would require other services (e.g. http), and their resources (e.g. hard drive space), in addition to the Tor server itself. However, as a middle or exit node, it is ideal.

Download Tor-ramdisk

[Orchid] Tor Client for Java

Orchid is a Tor client implementation and library written in pure Java.

It was written from the Tor specification documents, which are available here.

Orchid runs on Java 5+ and the Android devices.

How can Orchid be used?

In a basic use case, running Orchid will open a SOCKS5 listener which can be used as a standalone client where Tor would otherwise be used. 

Orchid can also be used as a library by any application running on the JVM. This is what Orchid was really designed for and this is the recommended way to use it. Orchid can be used as a library in any Java application, or any application written in a language that compiles bytecode that will run on the Java virtual machine, e.g., JRuby, Clojure, Scala..

Why was Orchid developed?

Orchid was developed for seamless integration of Tor into Java applications. The first application to have built-in Tor support is Martus, a human rights application developed by Benetech. 

Another reason Orchid was developed was to work through and debug the Tor specification documents. Orchid was also created to provide a reference implementation in Java. This may be easier to understand for those who are unfamiliar with the C programming language. The implementation is also simpler because only the client has been implemented.

Should Orchid be used with a regular browser for anonymous browsing?

Probably not. We recommend that the Tor Browser Bundle (or better yet, Tails) be used, as there are privacy leaks through the browser that are unrelated to Tor. However, Orchid can be used with the Tor Browser bundle in the place of native Tor.

Orchid's strength is that it can be used to Torify Java and JVM applications with near transparency.

Download Orchid