WEBVTT

00:01.130 --> 00:01.610
Okay.

00:01.610 --> 00:08.570
So now that we have Tor browser installed, let's go ahead and make sure that it's working as expected

00:08.570 --> 00:12.590
and is routing all of the traffic through the Tor network.

00:13.490 --> 00:20.630
Now I'm going to be using the Tor browser on Windows, but as seen before, the interface is identical

00:20.630 --> 00:23.000
on Windows, Linux and OS X.

00:23.000 --> 00:28.520
The installation is different and I showed you how to install it on all of these operating systems.

00:28.520 --> 00:33.560
So once it's installed, using the browser is exactly the same.

00:34.250 --> 00:37.250
So I'm going to double click the launcher.

00:40.030 --> 00:46.330
And as you can see, you get a normal browser window and don't maximize this window ever.

00:46.330 --> 00:48.040
And I'll talk about that later.

00:48.190 --> 00:55.900
But for now, just to check to make sure that Tor is working, I'm going to go to check dot torproject

00:55.900 --> 00:57.010
dot org.

00:59.490 --> 01:02.160
And as you can see, it's saying congratulations.

01:02.160 --> 01:10.830
This browser is configured to use Tor and it's given us the IP that our browser appears to be coming

01:10.830 --> 01:11.190
from.

01:11.190 --> 01:13.170
So this is not my real IP.

01:13.170 --> 01:17.700
This is the IP that I will appear that I'm coming from.

01:18.150 --> 01:26.550
So this is all perfect and I'll talk about more Tor settings in a future lecture, but right now I want

01:26.550 --> 01:29.850
to show you how to bypass Tor being blocked.

01:29.850 --> 01:37.470
So in case you came to this website and it didn't load or if you saw a warning here saying Tor is not

01:37.470 --> 01:44.820
working, then this could be because your network administrator or your internet service provider is

01:44.820 --> 01:47.040
blocking you from using Tor.

01:48.000 --> 01:50.790
See, when you try to access Tor,

01:50.820 --> 01:57.870
as I mentioned before, the first thing you'll have to do is connect to the Tor network and send your

01:57.870 --> 02:00.330
traffic to a random Tor node.

02:00.330 --> 02:05.820
So you're going to pick one of these nodes and you're going to send your traffic through it as the first

02:05.820 --> 02:06.480
node.

02:07.230 --> 02:14.550
The problem is, before you can actually connect and send data to this node, your data can easily be

02:14.550 --> 02:23.940
intercepted by your network administrator or your Internet service provider before it even reaches the

02:23.940 --> 02:28.530
first node and before it's even able to connect to the Tor network.

02:29.460 --> 02:38.280
So what your Internet service provider or ISP can do is they could identify all the available Tor nodes

02:38.280 --> 02:44.910
right here, the white circles, because they are publicly available and then just block them all,

02:44.910 --> 02:49.230
prevent you from connecting to any of these white circles.

02:49.230 --> 02:54.630
So therefore, whenever you try to connect to Tor, you're passing by internet service provider, which

02:54.630 --> 03:00.840
is running a firewall, checking if you're trying to connect to any of these nodes and if you are,

03:00.870 --> 03:02.370
it will block your connection.

03:02.910 --> 03:09.300
The result of this is when you come in to load this page, it will either not load or it's going to

03:09.300 --> 03:11.940
tell you that you're not using the Tor network.

03:13.020 --> 03:18.450
A simple solution to this is to use a Tor bridge as the first node.

03:19.210 --> 03:21.130
What we mean by Tor bridges:

03:21.130 --> 03:28.660
they are normal nodes similar to all the white circles that we can see in here, but they are not publicly

03:28.660 --> 03:29.610
available.

03:29.620 --> 03:37.000
So the only way that the internet service provider was able to block us is because they know all the

03:37.000 --> 03:43.000
white circles, they know all the public nodes, and they have a rule in their firewall to prevent any

03:43.000 --> 03:46.600
user from connecting to any of these white circles.

03:46.960 --> 03:53.170
So to bypass this, we can just use a node that is not publicly available.

03:53.170 --> 03:56.140
It's not being advertised. That way,

03:56.170 --> 04:02.470
when we try to connect to it, the Internet service provider will not have this node in its list and

04:02.470 --> 04:08.800
therefore we can connect to it and then continue using it or going out to another website, or even

04:08.800 --> 04:11.680
going in and accessing an onion service.

04:12.630 --> 04:14.310
So this is pretty good.

04:14.310 --> 04:22.110
It's a pretty good solution until firewalls and service providers became smarter and implemented more

04:22.110 --> 04:23.250
advanced methods.

04:23.790 --> 04:32.220
What they started doing is they started using deep packet filtering or what's known as DPI to identify

04:32.250 --> 04:34.590
Tor traffic and block it.

04:35.280 --> 04:39.330
So they don't even care about which node you're trying to connect to.

04:39.360 --> 04:47.100
They started analyzing all traffic that you sent out of your computer and they managed to identify what

04:47.130 --> 04:48.930
your traffic looks like.

04:49.200 --> 04:55.380
So like I said before, when you use Tor, they can't really see which websites you're trying to go

04:55.380 --> 05:03.150
to, but they'll be able to see that you're trying to use the Tor network either by identifying the

05:03.150 --> 05:09.630
node that you're trying to connect to or by using deep packet filtering, which will tell them that

05:09.630 --> 05:13.950
the traffic of this user matches a signature of Tor traffic.

05:13.950 --> 05:16.200
Therefore, this user is using Tor.

05:16.230 --> 05:18.690
Therefore, we will block this traffic.

05:19.620 --> 05:24.090
So the solution to this is to use a pluggable transport.

05:24.810 --> 05:31.950
Pluggable transports will try to make your traffic look similar to any other normal traffic.

05:32.190 --> 05:38.310
So when you're trying to connect to a bridge, we're going to use a bridge that can use a pluggable

05:38.310 --> 05:39.210
transport.

05:39.210 --> 05:45.140
And this way all the traffic that we're going to send will not look like Tor traffic.

05:45.180 --> 05:51.090
It will look similar to traffic that's generated when you're trying to access Google or Facebook or

05:51.090 --> 05:55.350
any other website similar to any normal web traffic.

05:56.250 --> 05:56.580
Now,

05:56.580 --> 05:58.250
this is a pretty good solution.

05:58.260 --> 06:03.570
It will work in many cases, but it can still fail in some instances.

06:03.990 --> 06:10.080
But the worst case scenario, even if it fails, the Internet service provider will be able to know

06:10.080 --> 06:11.330
that you're using Tor.

06:11.340 --> 06:18.360
But again, they won't really know which websites you're trying to access unless they run a more sophisticated

06:18.360 --> 06:19.080
attack.

06:20.590 --> 06:24.360
Now keep in mind this will slow down your connection.

06:24.370 --> 06:31.330
So if you are able to browse this page and it's telling you that everything is working, then maybe

06:31.330 --> 06:33.410
you don't, you shouldn't really use them.

06:33.430 --> 06:35.830
It really depends on your case.

06:36.310 --> 06:43.000
And in the next lecture, I'm going to show you how to configure Tor to use a bridge with a pluggable

06:43.000 --> 06:47.890
transport to access the Tor network, even if it's being blocked.
