Tor: Difference between revisions
imported>Onny Restructuring page |
imported>Onny mNo edit summary |
Line 9: | Line 9: | ||
NixOS packages the Tor Browser Bundle, which is the recommended way to browse the web using Tor. Install the <tt>tor-browser-bundle-bin</tt> package and run <tt>tor-browser</tt>. The browser bundle integrates its own Tor daemon and will handle connecting to the Tor network automatically. | NixOS packages the Tor Browser Bundle, which is the recommended way to browse the web using Tor. Install the <tt>tor-browser-bundle-bin</tt> package and run <tt>tor-browser</tt>. The browser bundle integrates its own Tor daemon and will handle connecting to the Tor network automatically. | ||
= | = Configuration = | ||
{{Security Warning|Do not attempt to use Tor with any web browsers other than Tor Browser. Tor Browser integrates custom modifications to Firefox to enhance anonymity and ensure that information leakage does not occur. Using another web browser with Tor [https://support.torproject.org/tbb/tbb-9 is likely to result in imperfect anonymity and is unsafe].}} | {{Security Warning|Do not attempt to use Tor with any web browsers other than Tor Browser. Tor Browser integrates custom modifications to Firefox to enhance anonymity and ensure that information leakage does not occur. Using another web browser with Tor [https://support.torproject.org/tbb/tbb-9 is likely to result in imperfect anonymity and is unsafe].}} | ||
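Review bot: The `= Configuration =` heading in the right-hand column lands between the Tor Browser paragraph and the Security Warning about other browsers, so the warning now opens the Configuration section instead of closing the browser text it qualifies. Move the heading below the `{{Security Warning|...}}` template so the warning stays attached to the Tor Browser paragraph. The heading also uses a single `=`, which MediaWiki renders at page-title level; `== Configuration ==` with the subsections one level lower would avoid that.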
Line 27: | Line 27: | ||
By also enabling {{nixos:option|services.tor.client.enable}}, an additional SOCKS service on port 9063 can be enabled. This is a "fast" SOCKS port suitable for browser use; a new circuit is established every ten minutes. | By also enabling {{nixos:option|services.tor.client.enable}}, an additional SOCKS service on port 9063 can be enabled. This is a "fast" SOCKS port suitable for browser use; a new circuit is established every ten minutes. | ||
= Clients = | |||
== Privoxy == | |||
By default, the Privoxy HTTP proxy is enabled if you enable Tor client functionality ({{nixos:option|services.tor.client.enable}}). Privoxy listens on port 8118 and is configured to route to the fast SOCKS port. It is highly advisable to route HTTP traffic via Privoxy rather than via SOCKS directly. | By default, the Privoxy HTTP proxy is enabled if you enable Tor client functionality ({{nixos:option|services.tor.client.enable}}). Privoxy listens on port 8118 and is configured to route to the fast SOCKS port. It is highly advisable to route HTTP traffic via Privoxy rather than via SOCKS directly. | ||
== Tor wrappers == | |||
Tor wrappers such as <tt>torsocks</tt> and <tt>tsocks</tt> can be used to intercept network API calls in applications to direct network activity over a Tor socks port. This allows non-Tor-aware, non-SOCKS-aware applications to have their traffic routed over Tor. | Tor wrappers such as <tt>torsocks</tt> and <tt>tsocks</tt> can be used to intercept network API calls in applications to direct network activity over a Tor socks port. This allows non-Tor-aware, non-SOCKS-aware applications to have their traffic routed over Tor. | ||
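Review bot: The context line calling port 9063 a "fast" SOCKS port "suitable for browser use", and the Privoxy paragraph advising that HTTP traffic go through port 8118, read as contradicting the Security Warning in the previous hunk, which says not to use Tor with any browser other than Tor Browser. While restructuring, reword these two paragraphs to say which clients the fast port and Privoxy are intended for, or link back to the warning. The Privoxy paragraph also gives no reason for preferring it over direct SOCKS; one sentence of rationale would let readers judge the advice.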
Line 53: | Line 53: | ||
only works with tsocks and leaks DNS queries. | only works with tsocks and leaks DNS queries. | ||
== "Guard" wrappers == | |||
Some applications have native support for SOCKS proxies, and it is tempting to use such support. | Some applications have native support for SOCKS proxies, and it is tempting to use such support. | ||
However, it isn't unheard of for proxy support to have bugs or for application plugins to ignore proxy | However, it isn't unheard of for proxy support to have bugs or for application plugins to ignore proxy | ||
Line 60: | Line 61: | ||
An alternative approach is use both a wrapper and built-in proxy support. This way, if the application's proxy support fails, the connection is likely to be caught by the wrapper and if you run the application without the wrapper by mistake, the connections are still likely to be proxied. | An alternative approach is use both a wrapper and built-in proxy support. This way, if the application's proxy support fails, the connection is likely to be caught by the wrapper and if you run the application without the wrapper by mistake, the connections are still likely to be proxied. | ||
== Usage with KDE == | |||
In KDE, proxy server configuration is set for all applications centrally. You should set the SOCKS proxy to Tor's default SOCKS port (127.0.0.1:9050), and set the HTTP proxy to Privoxy (127.0.0.1:8118). | In KDE, proxy server configuration is set for all applications centrally. You should set the SOCKS proxy to Tor's default SOCKS port (127.0.0.1:9050), and set the HTTP proxy to Privoxy (127.0.0.1:8118). | ||
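Review bot: In the paragraph under the "Guard" wrappers heading, "An alternative approach is use both a wrapper and built-in proxy support" is missing "to" ("is to use both"). The KDE paragraph that follows points the SOCKS proxy at 127.0.0.1:9050 and the HTTP proxy at Privoxy on 8118, which an earlier hunk says routes to the fast port 9063, so the two KDE settings end up on different Tor SOCKS ports; say whether that is intended.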
Line 68: | Line 69: | ||
Another possibility is to run <tt>tsocks kdeinit4</tt>, which would cause kdeinit4 to respawn in a wrapped state. All KDE applications started after this will be wrapped with tsocks. | Another possibility is to run <tt>tsocks kdeinit4</tt>, which would cause kdeinit4 to respawn in a wrapped state. All KDE applications started after this will be wrapped with tsocks. | ||
== Kopete == | |||
Kopete makes direct connections and ignores KDE settings. Kopete torification | Kopete makes direct connections and ignores KDE settings. Kopete torification | ||
dependins on what plugins you use. XMPP requires <tt>tsocks</tt>. ICQ requires <tt>torsocks-faster</tt>. | dependins on what plugins you use. XMPP requires <tt>tsocks</tt>. ICQ requires <tt>torsocks-faster</tt>. | ||
== KDE PIM == | |||
KMail respects KDE-wide proxy settings, and the "safe" SOCKS port offers good isolation between mailboxes. | KMail respects KDE-wide proxy settings, and the "safe" SOCKS port offers good isolation between mailboxes. | ||
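Review bot: "dependins" in the Kopete paragraph is a typo for "depends" and is carried unchanged into the new revision; fix it while these sections are being touched. The KDE PIM line refers to the "safe" SOCKS port without a port number, while the previous hunk calls 127.0.0.1:9050 the "default" port; if these are the same port, use one name and give the number. The Kopete paragraph also names `torsocks-faster` with no explanation in the visible lines of what it is or how it differs from `torsocks`.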