

Ask HN: How do I explain Tor to my Mom? - bikamonki

When I start talking <i>cookies, privacy, security</i> she thinks oatmeal, tightens the grip on her purse and whispers: &quot;why, what, wait, who&#x27;s listening?&quot;. Keep in mind that this is a 60+ lady who&#x27;s getting along well with Ubuntu; however, all she does is power up, click-open a browser and plays online.<p>Point is: with most of today&#x27;s computing done in a browser and most users being non-techie: is it even possible to spread proper secure&#x2F;private browsing? A simple click-install-go solution?
======
glimcat
Tor has bad latency & availability characteristics for everyday use. You
probably shouldn't try to push your 60+ year old mother into using it unless
she's e.g. a journalist or political activist.

When Tor is actually appropriate, the drop-and-go version is the Tor Browser
Bundle, which uses a customized Firefox distribution.

[https://www.torproject.org/projects/torbrowser.html.en](https://www.torproject.org/projects/torbrowser.html.en)

Note that all this does is proxy your requests, it won't prevent you from
deanonymizing yourself through characteristic requests, traffic patterns, or
whatever. That's often where people screw up, since it involves a running
battle where losing a few bits of entropy here and there can and will expose
you.

But to explain it:

A group of people don't want others to be able to snoop on what websites they
want to view. So they agree to lump all their requests together, and then they
don't keep any records about who ordered what once it has been delivered.

If someone's snooping, all they can tell is that someone in the group
requested it - they can't point a finger at any specific person.

------
User8712
You do realize TOR is going to be unsafe for the average person and their
every day browsing, right? Your traffic is going to be visible to any person
running an exit node, so if you send any personal information or login
credentials over a non-https connection, the person on the other end can read
your information.

As someone else mentioned, if your mom is a journalist or political activist,
and needs to access information anonymously, while at the same time is careful
enough not to release any information over TOR that could be used to identify
herself, than it might be in her advantage. If you're setting her up on TOR so
she can browse her favorite social networks, cooking blogs, and e-mail, then
she's most likely going to be less secure, entrusting personal information to
strangers instead of her ISP, and waiting on the slow load times of the TOR
network.

TOR isn't some magic bullet that makes browsing safe and anonymous. In short,
I'd recommend your mom doesn't use TOR. Based on her profile, she's going to
make the mistake of sending unencrypted personal information, and when that
happens, I think she's better off trusting her ISP over a stranger with that
data.

------
frostmatthew
From the top comment on:
[http://www.reddit.com/r/explainlikeimfive/comments/19twt9/el...](http://www.reddit.com/r/explainlikeimfive/comments/19twt9/eli5_the_deep_web_onion_routing_and_tor/)

"Let's say I want to access the website that's located at this server. My
computer connects to another computer in the Tor network, which connects to
another, and so on. Eventually, one of them will connect to the server, which
can send back information using this pattern. However, none of the computers
in the Tor network know who is getting what. The computer that you connect to
isn't the same as the one that connected to the server, so it's very
anonymous."

------
joshfraser
I use the analogy of Russian dolls with secret messages inside them. You don't
know how many dolls there are and you can only ever open the doll that was
intended for you. The secret message either contains instructions for what to
do, or who to pass the dolls to next.

~~~
huckleberryfinn
Yeah, dolls or an onion appear to be the best analogies.

------
kurumo
Imagine I want to send a letter to someone, but I am worried that it may be
intercepted (by the government, for the sake of argument). So instead of
sending it directly to my recepient, I make arrangements with some reliable
friends so that if they receive a letter from one of us, they take it out of
the envelope and put it in different one, addressed to another friend. To make
sure the letter doesn't travel forever we add dots at the end; once there are
more than three (four, five...), we send the letter to the original intended
recepient. Nobody knows for sure who is the person who sent the letter
originally (as I can put different number of dots at the end of the letter).
We can also make it so that none of the intermediate parties know what the
message says (possibly even who is the final recipient?) by encoding the
message at every step and using extra envelopes. At the outset I write my
letter, add some dots at the end and send it to one to my friends, picked
randomly, together with an extra envelope addressed to the intended recepient.

That should do as far as Tor goes, but the more general problem of explaining
_why_ is such a thing needed by your mom is much harder. (Unless she lives in
North Korea or some such place).

------
michaelmcmillan
[http://www.reddit.com/r/explainlikeimfive](http://www.reddit.com/r/explainlikeimfive)

------
coldtea
"It's something you don't have to know about. When and IF there's a decent
alternative that's actually useful and doesn't also need you to gap 100 other
holes in your whole online process, I'll let you know first."

------
fsk
How to explain it to your mom: "Tor is a method for encrypting Internet
traffic. Most of the nodes are operated by the NSA."

