Tor: Difference between revisions

Layer-09 (talk | contribs)
Organized the content and added a few options in the configuration. Briefly explained relays. I will update this again in the near future with more information.
m Switch custom HTML warnings with Template:Security Warning
 
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<div style="border: 1px solid #D33; background-color: #FFEBEB; padding: 12px; line-height: 1.7; border-radius: 5px; margin: 5px 0px;">
{{Security Warning|To achieve effective anonymity with Tor, you must understand its <strong>caveats</strong> and adjust your <strong>browsing habits</strong>. The Tor Project provides a crucial [https://support.torproject.org/faq/staying-anonymous/ list of tips] that you should read before using Tor.|heading=Tor is not a panacea.}}
<span style="color: #D33; font-size: 20px; float: left; margin-right: 10px;">⚠</span>
<div style="overflow: hidden;"><strong>Tor is not a panacea.</strong> To achieve effective anonymity with Tor, you must understand its <strong>caveats</strong> and adjust your <strong>browsing habits</strong>. The Tor Project provides a crucial [https://support.torproject.org/faq/staying-anonymous/ list of tips] that you should read before using Tor.</div>
</div>


<strong>Tor (The Onion Router)</strong> is a free, open-source software that enables anonymous internet communication. It protects users' privacy by routing traffic through a global network of volunteer-operated servers, masking IP addresses and online activities. Tor's key features include <strong>anonymity</strong>, <strong>privacy</strong>, and <strong>censorship circumvention</strong>. It supports hidden services with <strong>.onion domains</strong> for additional anonymity.
<strong>Tor (The Onion Router)</strong> is a free, open-source software that enables anonymous internet communication. It protects users' privacy by routing traffic through a global network of volunteer-operated servers, masking IP addresses and online activities. Tor's key features include <strong>anonymity</strong>, <strong>privacy</strong>, and <strong>censorship circumvention</strong>. It supports hidden services with <strong>.onion domains</strong> for additional anonymity.
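Review bot: The new `{{Security Warning|...|heading=Tor is not a panacea.}}` call still wraps "caveats" and "browsing habits" in raw `<strong>` tags, while the Liability bullet further down uses `'''` wiki bold. Since this line is being rewritten anyway, switch to `'''caveats'''` and `'''browsing habits'''` so the template argument carries no inline HTML.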
Line 98: Line 95:
   };
   };
};
};
# Operating a Snowflake proxy helps others circumvent censorship. Safe to run.
services.snowflake-proxy = {
services.snowflake-proxy = {
   enable = true;
   enable = true;
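Review bot: Removing the comment above `services.snowflake-proxy` drops the only explanation in this snippet of what the option does, so a reader copying the block no longer learns that it runs a Snowflake proxy on behalf of other users. Keep the first sentence (`# Operating a Snowflake proxy helps others circumvent censorship.`) or move it into the prose around the code block; if the objection was to the unqualified "Safe to run.", drop only that part.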
Line 106: Line 105:
The Tor relay will require some days to advertise in the network, to the [https://metrics.torproject.org/rs.html relay index] and start generating traffic. You can query metrics about your relay on the relay index page using the name or email from the settings.
The Tor relay will require some days to advertise in the network, to the [https://metrics.torproject.org/rs.html relay index] and start generating traffic. You can query metrics about your relay on the relay index page using the name or email from the settings.


In case your Tor relay is running behind a NAT network, be sure to forward the ORPort to your server running Tor.
In case your Tor relay is running behind a NAT network, be sure to forward the ORPort and the obfs4 Port to your server running Tor.


= Tips and Tricks =
== Tips and Tricks ==
==== Location of Option ====
=== Location of Option ===
The global options are listed on [https://mynixos.com/search?q=tor MyNixOS].  
The global options are listed here [https://search.nixos.org/options?channel=unstable&query=services.tor services.tor.*].


==== Relay Management ====
=== Relay Management ===
Tor relays are servers that help anonymize internet traffic by routing it through a series of nodes. Each relay in the Tor network plays a crucial role in maintaining the privacy and security of users by ensuring that no single point can trace the origin and destination of the data. The primary purpose of Tor relays is to facilitate anonymous communication and protect users from network surveillance and traffic analysis.
Tor relays are servers that help anonymize internet traffic by routing it through a series of nodes. Each relay in the Tor network plays a crucial role in maintaining the privacy and security of users by ensuring that no single point can trace the origin and destination of the data. The primary purpose of Tor relays is to facilitate anonymous communication and protect users from network surveillance and traffic analysis.


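Review bot: The NAT sentence now tells operators to forward "the ORPort and the obfs4 Port", but nothing in the visible text says which setting defines the obfs4 port, and obfs4 is a bridge transport, so the port exists only when the relay is configured as an obfs4 bridge. Name the option that sets it and scope the instruction, for example "forward the ORPort and, if you run an obfs4 bridge, its listening port", so operators of plain relays do not open an extra port. "Port" should also be lower case.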
Line 134: Line 133:
* '''Liability:''' Exit relay operators may face legal scrutiny if their relays are used for illegal activities. It is important for operators to understand the potential legal implications and take appropriate measures to protect themselves.
* '''Liability:''' Exit relay operators may face legal scrutiny if their relays are used for illegal activities. It is important for operators to understand the potential legal implications and take appropriate measures to protect themselves.


==== Client Bridge ====
=== Client Bridge ===
<div style="border: 1px solid #D33; background-color: #FFEBEB; padding: 12px; line-height: 1.7; border-radius: 5px; margin: 5px 0px;">
{{Security Warning|Do not attempt to use Tor with any web browsers other than Tor Browser. Tor Browser integrates custom modifications to Firefox to enhance anonymity and ensure that information leakage does not occur. Using another web browser with Tor is likely to result in imperfect anonymity and is unsafe.}}
<span style="color: #D33; font-size: 20px; float: left; margin-right: 10px;">⚠</span>
 
<div style="overflow: hidden;"><strong>Security Warning:</strong> Do not attempt to use Tor with any web browsers other than Tor Browser. Tor Browser integrates custom modifications to Firefox to enhance anonymity and ensure that information leakage does not occur. Using another web browser with Tor is likely to result in imperfect anonymity and is unsafe.</div>
</div>
Tor can be enabled as a system service by enabling options {{nixos:option|services.tor.enable}}. Configuration of tor service is an example of [https://nixos.org/manual/nixos/stable/index.html#sec-freeform-modules Freeform module], so you can pass not only explicitly supported {{nixos:option|services.tor.settings}}, but all other [https://2019.www.torproject.org/docs/tor-manual.html.en torrc] options. For example, client bridge config can be set like this:
Tor can be enabled as a system service by enabling options {{nixos:option|services.tor.enable}}. Configuration of tor service is an example of [https://nixos.org/manual/nixos/stable/index.html#sec-freeform-modules Freeform module], so you can pass not only explicitly supported {{nixos:option|services.tor.settings}}, but all other [https://2019.www.torproject.org/docs/tor-manual.html.en torrc] options. For example, client bridge config can be set like this:


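Review bot: The replacement `{{Security Warning|...}}` under Client Bridge passes no `heading=` argument, unlike the call at the top of the page, so the box relies on the template's default title where the old markup showed an explicit "Security Warning:" label. Confirm the default renders that label or pass `heading=` explicitly. The line added directly after the template contains only whitespace and can be dropped.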
Line 153: Line 150:
By also enabling {{nixos:option|services.tor.client.enable}}, an additional SOCKS service on port 9063 can be enabled. This is a "fast" SOCKS port suitable for browser use; a new circuit is established every ten minutes.
By also enabling {{nixos:option|services.tor.client.enable}}, an additional SOCKS service on port 9063 can be enabled. This is a "fast" SOCKS port suitable for browser use; a new circuit is established every ten minutes.


==== Sandboxing ====
=== Sandboxing ===


You can also run the [[Tor Browser in a Container]].
You can also run the [[Tor Browser in a Container]].
Line 159: Line 156:
Alternatively, Tor can be configured together with the [[Firejail#Torify_application_traffic|Firejail]] sandboxing solution.
Alternatively, Tor can be configured together with the [[Firejail#Torify_application_traffic|Firejail]] sandboxing solution.


==== Faster Reconnects on Network Switch ====
=== Faster Reconnects on Network Switch ===
Using [[Systemd/networkd/dispatcher]] it is possible to restart the Tor daemon every time a network reconnect is performed. This avoids having to wait for Tor network timeouts and reestablishes a new connection faster.
Using [[Systemd/networkd/dispatcher]] it is possible to restart the Tor daemon every time a network reconnect is performed. This avoids having to wait for Tor network timeouts and reestablishes a new connection faster.


Line 167: Line 164:
An alternative approach is use both a wrapper and built-in proxy support. This way, if the application's proxy support fails, the connection is likely to be caught by the wrapper and if you run the application without the wrapper by mistake, the connections are still likely to be proxied.
An alternative approach is use both a wrapper and built-in proxy support. This way, if the application's proxy support fails, the connection is likely to be caught by the wrapper and if you run the application without the wrapper by mistake, the connections are still likely to be proxied.


==== KDE Integration ====
=== KDE Integration ===
'''KDE Proxy Configuration'''
'''KDE Proxy Configuration'''
In KDE, proxy server configuration is set for all applications centrally. You should set the SOCKS proxy to Tor's default SOCKS port (127.0.0.1:9050), and set the HTTP proxy to Privoxy (127.0.0.1:8118).
In KDE, proxy server configuration is set for all applications centrally. You should set the SOCKS proxy to Tor's default SOCKS port (127.0.0.1:9050), and set the HTTP proxy to Privoxy (127.0.0.1:8118).
Line 181: Line 178:
KMail respects KDE-wide proxy settings, and the "safe" SOCKS port offers good isolation between mailboxes.
KMail respects KDE-wide proxy settings, and the "safe" SOCKS port offers good isolation between mailboxes.


==== DNS over Tor ====
=== DNS over Tor ===
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
services = {
services = {
Line 203: Line 200:
Please refer to [https://wiki.archlinux.org/title/Tor#TorDNS ArchWiki] for details.
Please refer to [https://wiki.archlinux.org/title/Tor#TorDNS ArchWiki] for details.


= References =
== References ==


# https://support.torproject.org/tbb/tbb-9  
# https://support.torproject.org/tbb/tbb-9  
Line 209: Line 206:
# https://2019.www.torproject.org/docs/tor-manual.html.en  
# https://2019.www.torproject.org/docs/tor-manual.html.en  
# https://wiki.archlinux.org/title/Tor#TorDNS  
# https://wiki.archlinux.org/title/Tor#TorDNS  
# https://mynixos.com/search?q=tor
# https://search.nixos.org/options?channel=unstable&query=services.tor
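Review bot: The new reference, like the new link under Location of Option, is pinned to `channel=unstable`, so readers on a stable release may be shown `services.tor` options that their system does not have. Say in the text that the listing is for the unstable channel, or link the channel that matches the release the page documents.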