Browse & Email Safely & Anonymously With TorBOX
Before two years ago, I never thought that I’d have a need to block my identity while I was using the Internet. Seriously, I though that anonymous use of the Internet was only for hackers, criminals, and in general people that were up to no good.
In reality, there are actually lots of legitimate reasons why you wouldn’t want identifying information attached to messages that you are sending to someone, or why you’d want to prevent people that are intercepting your traffic from determining the IP address, or computer location, that you’re browsing the Internet from.
Two years ago, I hired a guy that lives in China to perform boots-on-the-ground investigative journalism for me. It isn’t easy for journalists in China, with a government that cracks down hard on anyone that may be sending information about the Communist party or its activities outside of the country. This journalist was willing to accept the risks, but we both knew that we would have to put some protections in place.
Back in 2011, I wrote about one of the anonymous and encrypted email services we used called VaultletMail . For very sensitive emails, he would package it up into a file and then encrypt that file using one of a variety of tools.
But there was always the fear that the government would intercept it and figure out my identity, or worse – his. Once I picked up a second correspondent in Malaysia, I realized the need for protecting communications was critical. So I went out in search for an additional layer of protection, and discovered TorBOX.
Protecting Your Identity
A few years ago, I had a friend that built one of these VM systems himself. He could send out emails from an entirely different IP than England, and I was insanely jealous. I never really had a need to do anything like that, but still, it was cool.
Now, I’ve found myself with a legitimate need to make my traffic appear to come from some other country than the U.S., or at least some other location than the Northeast. With TorBOX, you don’t need those walk-on-water programming skills. All you need to do is install both the Gateway and the Workstation. Just download both, and then use the “Import Appliance” tool in VirtualBox to load up the two VMs.
When you import, you’ll see all of the details of the pre-configured system. The developers advise not to reinitialize the MAC addresses. I don’t know why, just don’t do it.
Once you import both of them, you’ll see them show up in your list of Virtual Machines. First launch the TorBOX Gateway, and then launch the Workstation.
The beauty of this setup is that not only does it provide you with anonymity while browsing the Internet and sending out emails, but it also protect you from the snooping eyes of any spyware that may be installed on your PC for the purpose of tracking your online transmissions.
You see, the Gateway component of the setup operates within its own isolated network, connected only to the VM Workstation. When you access the Internet through this setup, it goes out to the Internet via the “Torified” connection, not through your “non-torified” connection.
The bottom line is that, running this VM, not only do you get the anonymous safety of Tor, but you also get the additional protection of running your browsing within a self-contained VM machine, within which your host computer cannot play. That means any malware installed on your PC can’t play there either.
When you launch the gateway, all you’ll see is a bunch of text scrolling across the screen.
When it stops, you can then launch the Workstation. This is a Ubuntu based system that’s very bare bones. You may not see anything on the application bar depending on your color scheme. Just right click in the lower left corner, and you’ll see the menu system. As you can see, there are a few existing applications installed already – a simple media player, PDF reader, and text editor for example.
If you only want this for safe, anonymous web browsing, then you have everything you need right here. Just click on the “TorBrowser“, and the browser will launch within the VM.
The first thing I did was browse to WhatIsMyIP.com with my host computer, and did so with the TorBrowser as well. In the image below, the top IP was the one using TorBrowser, while the lower one was the regular host IP.
Even better, the remote server did not think that my TorBOX traffic was coming from a proxy. For all intents and purposes, I’m a regular user, meaning that I can use regular online email services and even online forums that might block people that are using a proxy.
TorBrowser also has some nice additional security features. For example, clicking on the HTTPS icon at the upper right, you can enable HTTPS on all sites where possible. This is set to ON by default.
When you click the Tor icon, you’ll see all of the security settings that you can use to tighten or loosen the security of your Internet browsing to your liking. Some things you can enable include blocking plugin use and isolating dynamic content.
Under the History tab, you can control how your browsing history is handled and protected. Explore through the Forms, Cache, Cookies and other tabs to see how you can tighten security in those areas as well.
What’s cool about this browser is that it offers such a tight level of security inside of an already-secure VM setup, and on an already “Torified” network that has you on the Internet under an assumed IP. You couldn’t ask for much better anonymity and security than this kind of setup.
After enabling and securing my VM setup, I then go a step further and access Hushmail to make contact with my correspondents around the world. Husmail adds yet one more level of security to the already stockpiled blockade that this existing setup now provides.
Beyond web browsing, you can also access the terminal console on the Workstation node.
Don’t forget, if you prefer working with an email client rather than webmail for your secure email setup, you can always download and install a Linux email client to your new Torified VM.
This setup isn’t perfect – no security setup really is. Someone, somewhere might be able to figure out a way to figure out who you are and where you are. But, if you’re using an ultra-secure setup by running TorBOX, you can at least rest assured that you’ve tried your hardest to isolate your sensitive communications and Internet traffic from prying eyes.
Have you ever used any Tor tools? Are you thinking of giving TorBOX a try? Share your own security setup in the comments section below, we’d love to hear how you protect your own ultra-sensitive communications over the Internet.
Image Credits: Digital Binary Data Via Shutterstock