WEBVTT 00:00:00.240 --> 00:00:08.000 Who would have thought that one of the best ways to preserve your privacy would 00:00:04.240 --> 00:00:09.840 be to hide behind an onion? And no, I'm 00:00:08.000 --> 00:00:13.519 of course not talking about growing a literal massive onion and standing 00:00:11.759 --> 00:00:18.880 behind it hoping that the smell will keep everyone else at bay. Today's 00:00:16.000 --> 00:00:25.359 episode is all about the onion router, better known as tour. used by dissident, 00:00:22.720 --> 00:00:30.400 uh, cyber criminals, and even ordinary folks the world over to keep their 00:00:27.680 --> 00:00:36.800 online activities away from the prying eyes of governments, advertisers, 00:00:33.280 --> 00:00:39.360 stalkers, or maybe even me. Dang it. But 00:00:36.800 --> 00:00:44.960 how does it work? Why is it considered so secure? And does it have any 00:00:41.920 --> 00:00:47.120 weaknesses? We touched on tour in our 00:00:44.960 --> 00:00:50.719 video about the deep web and the dark web, which you can check out here, but 00:00:49.120 --> 00:00:58.000 we're going to dive into it in a little bit more detail. Tour tries to anonymize 00:00:54.800 --> 00:01:00.480 your online activity by encasing your 00:00:58.000 --> 00:01:05.519 traffic in multiple layers of encryption, then sending it through a 00:01:02.879 --> 00:01:11.600 number of nodes that peel back those layers one at a time, hence the onion 00:01:08.080 --> 00:01:13.680 nickname. Each node only decrypts enough 00:01:11.600 --> 00:01:19.439 information in the packet to know where to send it next. So none of the nodes 00:01:16.400 --> 00:01:21.759 know both your identity and the identity 00:01:19.439 --> 00:01:26.880 of whatever website or server you are trying to connect to. This high level of 00:01:24.400 --> 00:01:33.200 encryption and repeated bouncing of network traffic makes tour quite secure, 00:01:30.000 --> 00:01:36.240 but it isn't entirely foolproof. At some 00:01:33.200 --> 00:01:38.720 point, your data has to leave the tour 00:01:36.240 --> 00:01:43.439 network to get to wherever it's going through something called an exit node. 00:01:41.200 --> 00:01:47.759 The very last tour node that your data travels through. And when your data 00:01:45.439 --> 00:01:53.200 leaves an exit node and is sent to its destination, it is no longer necessarily 00:01:50.479 --> 00:01:58.479 encrypted. While it's very difficult still for the recipient to tell that 00:01:55.200 --> 00:02:00.960 it's you connecting, any unencrypted 00:01:58.479 --> 00:02:05.040 personal information can be read by both the operator of the exit node and 00:02:03.520 --> 00:02:09.599 whatever site it is that you're connecting to. In fact, a team of 00:02:07.280 --> 00:02:14.959 researchers several years ago harvested a bunch of unencrypted email addresses 00:02:12.000 --> 00:02:19.920 and passwords in this manner even though they were sent over tour. The fact that 00:02:17.599 --> 00:02:24.879 anyone can run an exit node also means that you don't know who could be looking 00:02:22.080 --> 00:02:30.400 at your information on the other end. To alleviate this problem somewhat, the Tor 00:02:27.760 --> 00:02:34.879 Foundation provides the tour browser for free, which is a modified version of 00:02:32.560 --> 00:02:42.160 Firefox that, among other things, attempts to use the encrypted HTTPS 00:02:38.720 --> 00:02:45.599 standard instead of regular HTTP for as 00:02:42.160 --> 00:02:48.480 much web activity as possible and also 00:02:45.599 --> 00:02:54.239 disable certain plugins that can leak your IP address. Many plugins and other 00:02:51.840 --> 00:03:00.080 applications for that matter won't run over the tour network by default and can 00:02:57.040 --> 00:03:01.920 thereby give away your identity even if 00:03:00.080 --> 00:03:07.440 your other traffic your normal web browsing traffic is going through tour. 00:03:04.720 --> 00:03:12.640 It is possible to force other applications to use the tour network 00:03:10.319 --> 00:03:17.360 either by manually configuring them or using programs like tallow that do it 00:03:14.879 --> 00:03:22.400 for you. But since any unencrypted information that you send or receive can 00:03:19.760 --> 00:03:26.640 still be seen by exit nodes, some users have tried using virtual private 00:03:24.400 --> 00:03:30.239 networks or VPNs, which you can learn more about here, by the way, in 00:03:28.319 --> 00:03:35.920 conjunction with Torah to create an encrypted tunnel at every point of the 00:03:33.360 --> 00:03:40.640 connection. Not a bad solution as long as you can trust your VPN provider not 00:03:37.920 --> 00:03:46.080 to keep tabs on you. Of course though, the best idea is not to send anything 00:03:43.519 --> 00:03:51.840 personally identifying over tour or anywhere if you can help it. Tour also 00:03:49.519 --> 00:03:57.360 has the limitation of being a rather slow network. So it might not be too 00:03:54.159 --> 00:04:00.239 useful for downloading large amounts of 00:03:57.360 --> 00:04:04.239 you know stuff uh streaming in 4K or using Bit Torrent especially the latter 00:04:02.400 --> 00:04:09.519 as the Bit Torrent protocol can broadcast your IP address if you aren't 00:04:06.959 --> 00:04:15.280 careful. Nevertheless though, tour is still a great help to activists, uh, 00:04:12.879 --> 00:04:19.519 victims of crime and people who are just plain concerned about preserving 00:04:17.280 --> 00:04:26.080 personal privacy in an age where it feels like we can always be watched. Tor 00:04:23.680 --> 00:04:30.000 may not be perfect, but it is a good first line of defense against aggressive 00:04:28.320 --> 00:04:36.000 advertisers, shady government shenanigans, or, you know, Skynet. 00:04:33.840 --> 00:04:41.120 Speaking of online security, Tunnel BearVPN lets you tunnel to 20 different 00:04:39.520 --> 00:04:45.840 countries, allowing you to browse the internet and use online services as 00:04:43.520 --> 00:04:49.280 though you were in that different country. And of course, if you clicked 00:04:47.440 --> 00:04:53.680 on the explanation of VPNs that I referred to earlier in this video, you 00:04:51.120 --> 00:04:58.000 would already know that. Aha. They have easy to use apps for iOS, Android, PC, 00:04:56.320 --> 00:05:02.560 and Mac. They also have a Chrome extension. You just choose the country 00:05:00.320 --> 00:05:07.199 that you want. You click the little virtual button and boom, your little 00:05:04.720 --> 00:05:10.800 bear tunnels over to wherever it happens that you want to be tunneling through. 00:05:09.440 --> 00:05:16.479 When you turn on tunnel bear, your connection gets encrypted and your public IP address gets switched so that 00:05:14.240 --> 00:05:22.400 you can show up as though you were in a different country, letting you bypass 00:05:19.280 --> 00:05:25.280 stupid things like geographical region 00:05:22.400 --> 00:05:28.800 restrictions. Super thumbs up. It's also easy to use. You don't have to do any of 00:05:26.960 --> 00:05:33.199 that, you know, port configuration and DNS or blah blah, etc. nonsense. It's so 00:05:31.360 --> 00:05:37.600 easy that your mom could use it and they have a top-rated privacy policy and do 00:05:35.199 --> 00:05:42.400 not log their users's activity. So, you can actually try out Tunnel Bear for 00:05:39.360 --> 00:05:44.800 free with 500 megs of data included. And 00:05:42.400 --> 00:05:47.360 you can save 10% on your unlimited package, which only costs a few bucks a 00:05:46.479 --> 00:05:52.479 month by heading over to tunnelbear.com/Linus linked in the video description. So, 00:05:51.360 --> 00:05:57.280 thanks for watching, guys. If you like this video, hit the like button. If you 00:05:55.039 --> 00:05:59.759 disliked it, hit the dislike button. If you want to check out our other 00:05:58.240 --> 00:06:02.960 channels, hey, go ahead and do that. We've got Channel Super Fun, which we've 00:06:01.440 --> 00:06:06.880 had some pretty rocking videos on lately. Maybe we've got one over there to show you. If you have suggestions for 00:06:05.520 --> 00:06:10.960 future fastest possibles, leave them in a comment below the video. And as always, don't forget to subscribe and 00:06:09.440 --> 00:06:15.120 follow and all that good stuff so you don't miss any other tech quickies.