Vidalia is a cross-platform GUI for the Tor network, which makes it very easy to anonymize your Mac's TCP activity. The Tor project (which we posted about a long time ago) is a volunteer network designed to foil traffic analysis and thus allow you to cover your tracks online. Basically it bounces your network requests across a number of Tor computers (and back again) so that nobody is able to figure out your actual destination.

This is obviously useful for keeping your identity secret, but it may also allow you to access IP addresses and services that your local network administrator blocks. Now you should think carefully about trying to circumvent such restrictions, as bad things may happen to you if it's discovered. The other big downside is speed. Needless to say if you're bouncing around computers all over the globe before you get to your destination there's going to be some lag. Nonetheless, if you need the anonymity (or if the people you're communicating with need it -- think journalists or whistleblowers) it may be worth it. You may also like to contribute your own computer as a node to help out the network.

Vidalia is open source and a free download. The latest package is marked for Tiger, but it seems to work on Leopard as well. If you're having trouble getting it from the Vidalia project page you can also download it from the Tor project download page. Once you download it, be sure to carefully follow the instructions in the Installation Guide for OS X.

With the nonsense on Capitol Hill this week, and discussion of DMCA revision and funding ramping up, I thought it would be a good time to talk about Tor, the award-winning privacy protocol and software from the EFF. Unlike other anonymizers that work by encrypting or proxying particular services and protocols, Tor's TLS-over-onion routing scheme works by re-routing all TCP traffic through a complex network of Tor nodes. Packets, including routing information, are encrypted between each node and each node has access to only very limited information about the next hop. Furthermore, packets pass through a random number of nodes (the more the merrier) and not all packets from a single session need follow the same route. This makes it very, very difficult (it's tempting to say impossible, but that's probably not quite true) to trace the ultimate origin or destination of any packet on the network unless the contents of the packet divulge revealing information.

There are drawbacks, of course. Although the onion routing algorithms are good, onion routing certainly has the potential for higher latency that traditional RIP and OSPF routing. Tor is also not an end-to-end solution. If the ultimate destination of a packet is a machine that doesn't support Tor, the packet is in the open from the time it leaves the Tor exit point and using traditional end-to-end encrytption on top of Tor is advisable.

The gains are significant, though, and as the protocol becomes more widely adopted the advantages will become even more pronounced. Aside from privacy protection, Tor's "next hop" TLS encryption virtually eliminates the potential for traditional "man in the middle" attacks within the network because such attacks rely on knowing the origin and destination of packets, and capturing a usable data stream. Tor, particularly if combined with end-to-end encryption, also makes encrypted data less susceptible to brute force attacks; it is much more difficult to capture a complete data stream, and data is encrypted multiple times with short-lived session keys.

Even though Tor is still in beta, it's well worth a download (The Windows version already won a PCWorld "Best Products of 2005, Security" Award). Take a look, and if you have a public IP, think about setting up a server.