Silk Road forums

Discussion => Security => Topic started by: Sour D on October 22, 2011, 07:06 am

Title: Safest way to upgrade TOR
Post by: Sour D on October 22, 2011, 07:06 am
    So when I open tor I notice a message notifying of an upgrade to Tor, with a link to the download page. When trying to download, I get a message saying

"NOTE: External applications are NOT Tor safe by default and can unmask you!

If this file is untrusted, you should either save it to view while offline or in a VM,
or consider using a transparent Tor proxy like Amnesia LiveCD, torsocks, or TorVM."

   So I'm not sure what this actually means, but it sounds like a risk to anonymity? How does one download this safely, should I just use the regular web or will my ISP keep record of and red-flag my association with Tor?
Title: Re: Safest way to upgrade TOR
Post by: CrunchyFrog on October 22, 2011, 10:27 pm
I'd think that if your ISP were going to red-flag you for visiting a Tor Project web page they'd have already done so -- I'm guessing that you downloaded Tor from the web at some point.  Plus, unless you're using bridge relays, every time you use Tor you're connecting to IP addresses which are publicly known [ torstatus.blutmagie.de ] so the fact that you use Tor is no secret to them if they choose to check.

The warning message you're getting is a true statement -- at least in a generic sense -- in that "live" updates can be risky since you have little to no control over what they do or to what they connect. Probably the safest way to proceed is to repeat the process you (hopefully) used to obtain Tor originally: download the current installation package from the Tor Project website via browser (through Tor, if you prefer); then check the package signature [ torproject.org/docs/verifying-signatures ] against the downloaded file before installation.  Most modern installers are savvy enough to perform any required uninstallation(s) for you, but you can do that manually if you'd prefer.