Onion Information

Page Clicks: 0

First Seen: 03/11/2024

Last Indexed: 10/21/2024

Domain Index Total: 195

Tor is a proxy server which allows its users to hide their IP address from the websites they connect to. In order to provide this level of anonymity however, it introduces latency into these connections, an unfortunate performance-privacy trade-off which means that few users choose to do all of their browsing through Tor. Here are a few things that I have found work quite well through Tor. If there are any other interesting use cases I've missed (e.g. reviewing academic papers ), please leave a comment! Tor setup There are already great docs on how to install and configure the Tor server and the only thing I would add is that I've found that having a Polipo proxy around is quite useful for those applications that support HTTP proxies but not SOCKS proxies. On Debian, it's just a matter of installing the polipo package and then setting the following in /etc/polipo/config : logSyslog = true logFile = /var/log/polipo/polipo.log # Configure polipo for use with tor proxyAddress = "127.0.0.1" proxyPort = 8008 allowedClients = 127.0.0.1 allowedPorts = 1-65535 proxyName = "localhost" cacheIsShared = false socksParentProxy = "localhost:9050" socksProxyType = socks5 chunkHighMark = 67108864 diskCacheRoot = "" localDocumentRoot = "" disableLocalInterface = true disableConfiguration = true dnsQueryIPv6 = no dnsUseGethostbyname = yes disableVia = true censoredHeaders = from,accept-language,x-pad,link censorReferer = maybe # Suggestions from Incognito configuration maxConnectionAge = 5m maxConnectionRequests = 120 serverMaxSlots = 8 serverSlots = 2 tunnelAllowedPorts = 1-65535 RSS feeds The whole idea behind RSS feeds is that articles are downloaded in batch ahead of time. In other words, latency doesn't matter. I use akregator to read blogs and the way to make it fetch articles over Tor is to change the KDE -wide proxy server using systemsettings and setting a manual proxy of localhost on port 8008 (i.e. the local instance of Polipo). If you don't see the proxy settings in the KDE control panel, make sure that the kde-baseapps-bin , libkonq-common and kpart-webkit packages are installed. Similarly, I use podget to automatically fetch podcasts through this cron job in /etc/cron.d/podget-francois : 0 12 * * 1-5 francois http_proxy=http://localhost:8008/ https_proxy=http://localhost:8008/ nice ionice -n7 /usr/bin/podget -s Prior to that, I was using hpodder and had the following in ~/.hpodder/curlrc : proxy=socks4a://localhost:9050 GnuPG For those of us using the GNU Privacy Guard to exchange encrypted emails , keeping our public keyring up to date is important since it's the only way to ensure that revoked keys are taken into account. The script I use for this runs once a day and has the unfortunate side effect of revealing the contents of my address book to the keyserver I use. Therefore, I figured that I should at least hide my IP address by putting the following in ~/.gnupg/gpg.conf : keyserver-options http-proxy=http://127.0.0.1:8008 However, that tends to makes key submission fail and so I created a key submission alias in my ~/.bashrc which avoids sending keys through Tor: alias gpgsendkeys='gpg --send-keys --keyserver-options http-proxy=""' Package updates Since most Debian packages are fairly small, downloading them over Tor doesn't take a whole lot longer. Large updates on the other hand are affected unless you do them in the background like I do with this daily cron job : apt-get -qq update apt-get -qq clean apt-get --download-only --assume-yes --force-yes -qq dist-upgrade apt-get -qq autoclean To do updates over Tor, simply install the apt-transport-tor package and then replace http:// with tor+http:// everywhere in your /etc/apt/sources.list so that it looks like: deb tor+http://httpredir.debian.org/debian sid main contrib deb-src tor+http://httpredir.debian.org/debian sid main contrib deb tor+http://httpredir.debian.org/debian experimental main deb-src tor+http://httpredir.debian.org/debian experimental main Instant messaging Communication via XMPP is another use case that's not affected much by a bit of extra latency. To get Pidgin to talk to an XMPP server over Tor, simply open "Tools | Preferences" and set a Tor/Privacy (SOCKS5) proxy of 127.0.0.1 on port 9050 . GMail Finally, I found that since I am running GMail in a separate browser profile , I can take advantage of GMail's excellent caching and preloading and run the whole thing over Tor by setting that entire browser profile to run its traffic through the Tor SOCKS proxy on port 9050 . RSS Atom Please use parcimonie for OpenPGP keyring refreshes since that is much more fire-and-forget and also results in less correlation between the different keys you are fetching. https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#make-sure-you-are-receiving-regular-key-updates That's all great, but using non-anonymous services defeats the purpose oft Tor. You could just use your plain connection when communicating because after all one can see your nickname or email address. What's more you can even be identified when you really want to be anonymous, because you used the Tor connection for identifyable communication earlier. Using Tor to login to services that identify you defeats the purpose of Tor. Also, although 99% of people running Tor exits nodes are honest people, there is a risk of hitting a node with more nefarious purposes such as collecting user-names and passwords. Make sure you're using end-to-end encryption. Surf safe my friend. The Tor Browser Bundle is the current recommended way to browse the web through Tor. Even without knowning the client's IP address, web browsers are highly fingerprintable . The Tor Browser contains several modifications to Firefox that will help with fingerprinting issues. I know it's not packaged in Debian but releases are signed by Erinn's key which is in the Debian keyring and getting the Tor Browser Bundle running is about unpacking a tarball and running a shell script. Also the new torsocks , currently in experimental, have several protections against application leaks and works fine with several RSS readers or GnuPG. The Tor/Privacy option of Pidgin was added in order to prevent DNS leaks and should be used. The proxy host should be set to 127.0.0.1 and not localhost instead. Using Tor to login to services that identify you defeats the purpose of Tor. It does not defend the purpose of Tor. It might be a problem in your threat model but not in the one of others. One of Tor properties is that it hides the client's network location. Even if I login to my bank, why should they incidentally learn about my travels? Where I currently am is none of their business. Add a comment