WEBVTT

00:00.540 --> 00:06.390
Previously we learned how to install and use the Tor browser, and in the previous lecture I showed

00:06.390 --> 00:08.100
you how to use it with tails.

00:08.400 --> 00:14.520
Now this will be the browser that will use most of the time to protect our anonymity and privacy and

00:14.520 --> 00:18.480
to access the hidden services or the darknet websites.

00:18.990 --> 00:25.440
In this lecture, though, I want to show you another browser that comes with tails, which is the insecure

00:25.440 --> 00:26.910
or unsafe browser.

00:28.320 --> 00:32.970
Now you might think, why would I want to use an insecure or unsafe browser?

00:33.300 --> 00:40.740
See, as we mentioned before, unlike installing the Tor browser on other operating systems such as

00:40.740 --> 00:47.430
Windows, OSX or Linux, where only traffic going through the Tor browser will go through the Tor network,

00:47.430 --> 00:56.280
and all other traffic will literally go directly to the Internet until all traffic is forced to go through

00:56.280 --> 00:57.290
the Tor network.

00:57.300 --> 01:04.410
So regardless of what application generates this traffic, even if it's a system update, even if it's

01:04.410 --> 01:12.240
some malware that got downloaded and got executed on your system, it will always be forced to go through

01:12.240 --> 01:13.350
the Tor network.

01:13.380 --> 01:16.990
Now, like we said, this is great because it prevents leaks.

01:17.010 --> 01:23.310
It improves our security and anonymity because no other programs can access the Internet directly.

01:23.310 --> 01:27.990
Therefore, all of our connections are always going through the Tor network.

01:28.650 --> 01:32.820
So this is really, really good and an amazing feature of Thales.

01:33.030 --> 01:41.070
The only problem is sometimes you actually need to access the Internet directly, or you need a browser

01:41.070 --> 01:43.440
that will not use the Tor network.

01:43.920 --> 01:50.070
For example, if you are trying to connect to a captive portal, what I mean by a captive portal is

01:50.070 --> 01:56.550
a network similar to the networks you see in airports, universities or coffee shops where once you

01:56.550 --> 02:00.000
connect, you have to log in or you have to authenticate.

02:00.030 --> 02:04.050
Now, usually the authentication is done using a web browser.

02:04.320 --> 02:10.860
Any web browser will work, but the Tor browser will not work because as we know, Tor browser will

02:10.860 --> 02:12.960
drive traffic through the Tor network.

02:12.960 --> 02:14.700
And therefore you want.

02:15.650 --> 02:18.830
Be able to authenticate with the local network.

02:19.550 --> 02:25.000
Now, if you were running the Tor browser from a normal operating system like Linux, Windows or Ice

02:25.040 --> 02:27.350
X, the solution to this is easy.

02:27.350 --> 02:33.200
You just go to one of your other browsers and like I said, these will be accessing the Internet directly.

02:33.200 --> 02:34.700
So that will be fine.

02:34.970 --> 02:40.930
The problem is, as we mentioned, Intel's everything is forced to go through the Tor network.

02:40.940 --> 02:46.520
So even if you had another web browser, it will be forced to go through the Tor network and therefore

02:46.520 --> 02:50.170
you still won't be able to authenticate with these networks.

02:50.180 --> 02:57.020
Therefore, for this reason and for any other rare cases where you would actually need to access the

02:57.020 --> 03:01.370
Internet directly tells comes with another web browser.

03:01.370 --> 03:09.230
It's actually called the unsafe browser because this is the only application on the operating system

03:09.230 --> 03:15.440
that can make direct connection to the Internet outside of the Tor network.

03:16.010 --> 03:21.410
So you want to be very, very careful when you're using this and you want to make sure that you know

03:21.410 --> 03:25.190
what you're doing because it is not using the terror network.

03:25.190 --> 03:31.760
It's going to be accessing the Internet directly, revealing your location, your IP and so on.

03:32.820 --> 03:35.130
So right here, I'm back at tails.

03:35.550 --> 03:40.170
And if I go to my wi fi networks and look for a wi fi network.

03:41.720 --> 03:45.560
You can see that there is a Starbucks wi fi around me.

03:45.560 --> 03:51.500
So this is a coffee shop network and this is an example of a network that uses a captive portal.

03:51.560 --> 03:58.310
Like I said, these networks are commonly used in coffee shops, colleges, hotels or airports.

03:58.820 --> 04:00.860
So it's all the same scenario.

04:00.890 --> 04:04.010
Once you connect, so I'm going to click on it and connect.

04:04.430 --> 04:11.060
You'll see that I will be able to connect to the network, but I won't have Internet access.

04:12.070 --> 04:16.540
So if I go up here, you can see that I am connected to the network.

04:16.990 --> 04:21.760
But as you can see, the tour icon right here still has an X beside it.

04:21.760 --> 04:24.520
So I'm not able to connect to the Tor network.

04:24.520 --> 04:31.240
And even if I go and run my Tor browser, as you can see, it's telling me that the Tor network is not

04:31.240 --> 04:36.220
ready yet, so the browser will probably not be able to access the internet.

04:36.310 --> 04:39.400
And even if you wait for this, it's not going to connect.

04:39.400 --> 04:42.100
So I'm going to click on Start anyway.

04:46.270 --> 04:48.460
And as you can see, nothing will load.

04:48.460 --> 04:50.560
We'll be stuck at the welcome page.

04:50.740 --> 04:56.920
And even if you try to go to any website, it's not going to load because the captive portal needs you

04:56.920 --> 04:58.690
to first authenticate with it.

04:58.690 --> 05:06.100
So this network is configured in a way that the users have to authenticate using a web interface first.

05:06.820 --> 05:13.390
See, usually on normal operating systems, when you launch your browser, you'll see the authentication

05:13.390 --> 05:16.990
web interface, the authentication page by default.

05:17.020 --> 05:25.390
But because Thales is configured so that it routes all traffic through the Tor network, the web interface

05:25.390 --> 05:29.080
or the authentication page is inaccessible to us.

05:29.740 --> 05:36.370
Therefore, the only way around this is to go ahead and use the insecure browser which accesses the

05:36.370 --> 05:37.630
internet directly.

05:38.640 --> 05:39.420
To do this.

05:39.420 --> 05:41.190
We're going to go to applications.

05:42.580 --> 05:43.510
Internet.

05:44.650 --> 05:47.230
And we're going to click on the unsafe browser.

05:47.710 --> 05:51.550
It's going to show us a warning telling us that this will access the Internet directly.

05:51.550 --> 05:54.350
You will not be anonymous, so be careful.

05:54.370 --> 05:56.160
I've explained all this to you.

05:56.170 --> 05:57.760
So we're going to click on launch.

05:59.830 --> 06:05.860
And as you can see, we get another Web browser with a big warning again about the implications of using

06:05.860 --> 06:09.220
this browser, but we know what we're doing, so that's fine.

06:09.220 --> 06:16.090
And now you can use this browser similar to the way that you use any web browser on any other operating

06:16.090 --> 06:19.780
system that does not force traffic through the Tor network.

06:20.650 --> 06:25.060
So you probably already connected to such networks in hotels or airports.

06:25.060 --> 06:30.700
Once you connect to it, you open your web browser and you can go to a new website you want.

06:30.940 --> 06:33.970
For example, I'm going to go to DuckDuckGo dot com.

06:37.760 --> 06:43.580
And as you can see, the website that I want will not load, but I will get the page for the captive

06:43.580 --> 06:44.270
portal.

06:44.810 --> 06:47.960
Now some captive portals will ask you for a name and email.

06:47.960 --> 06:49.750
They might ask for your phone number.

06:49.760 --> 06:52.060
You can fill this with any information you want.

06:52.070 --> 06:57.330
You don't have to give valid information, and once you do this, you can click on Connect.

06:57.350 --> 07:00.680
In my case, I can just connect without filling any information.

07:00.980 --> 07:04.700
And as you can see, I'll get redirected to the Starbucks website.

07:04.700 --> 07:09.020
So I get authenticated with the network, with the captive portal now.

07:09.590 --> 07:15.320
So now tables should be able to establish a connection with the Tor network and the Tor browser should

07:15.320 --> 07:16.610
work for us as well.

07:18.260 --> 07:19.010
And perfect.

07:19.010 --> 07:23.220
As you can see, we get a notification telling us now we can access the Internet.

07:23.240 --> 07:24.250
On the top, right.

07:24.260 --> 07:25.760
The X has disappeared.

07:26.180 --> 07:33.290
So if I go to check the Tor project dot org, as you can see, we get a nice message telling us that

07:33.290 --> 07:36.170
we are connected properly to the Tor network.

07:36.170 --> 07:40.070
Our IP is changed and everything is working as expected.

07:40.430 --> 07:43.580
So now we don't need the unsafe browser anymore.

07:43.580 --> 07:49.820
We can close it because we have authenticated with the target network properly and the network is going

07:49.820 --> 07:51.530
to allow us to access the internet.

07:51.530 --> 07:57.560
And then Thales is going to force all traffic through the Tor network, which is exactly what we want,

07:57.560 --> 08:00.740
which will improve our privacy and anonymity.