Tor: Difference between revisions
imported>Samueldr m Removed now useless warning header. |
imported>HLandau No edit summary |
||
| Line 1: | Line 1: | ||
{{Security Warning|If you rely on Tor | {{Security Warning|'''Tor is not a panacea.''' If you rely on Tor for anonymity, you should ensure you have a complete understanding of its caveats. Obtaining effective anonymity via Tor '''requires''' you to make certain changes to your browsing habits. The Tor Project has an important [https://www.torproject.org/download/download.html.en#warning list of warnings] available for you to read; you should familiarise yourself with them before using Tor.}} | ||
= | =Browsing the web with Tor= | ||
NixOS packages the Tor Browser Bundle, which is the recommended way to browse the web using Tor. Install the <tt>tor-browser-bundle-bin</tt> package and run <tt>tor-browser</tt>. The browser bundle integrates its own Tor daemon and will handle connect to the Tor network automatically. | |||
{{Security Warning|Do not attempt to browse the web using a web browser other than Tor Browser. Tor Browser integrates custom modifications to Firefox to enhance anonymity and ensure that information leakage does not occur. Using another web browser with Tor is likely to result in imperfect anonymity and is unsafe.}} | |||
=Enabling Tor as a system service= | |||
Tor can be enabled as a system service by enabling options {{nixos:option|services.tor.enable}}. | |||
By | By default Tor in NixOS provides one SOCKS proxy on port 9050. 9050 is a "slow" SOCKS port which can be used for email, git and pretty much any other protocol but HTTP(S) since a new circuit will be created for each destination IP. This is a safe default which complicates identity correlation attacks, although isn't sufficient to completely thwart them. | ||
9063 is | By also enabling {{nixos:option|services.tor.client.enable}}, an additional SOCKS service on port 9063 can be enabled. This is a "fast" SOCKS port suitable for browser use; a new circuit is established every ten minutes. | ||
== | ==Privoxy== | ||
By default, the Privoxy HTTP proxy is enabled if you enable Tor client functionality ({{nixos:option|services.tor.client.enable}}). Privoxy listens on port 8118 and is configured to route to the fast SOCKS port. It is highly advisable to route HTTP traffic via Privoxy rather than via SOCKS directly. | |||
=Tor wrappers: torsocks, torsocks-faster and tsocks= | |||
Tor wrappers such as <tt>torsocks</tt> and <tt>tsocks</tt> can be used to intercept network API calls in applications to direct network activity over a Tor socks port. This allows non-Tor-aware, non-SOCKS-aware applications to have their traffic routed over Tor. | |||
{{Security Warning|Tor wrappers cannot reliably prevent an application from establishing connections outside of the Tor network; they merely ensure that non-malicious code using networking APIs in straightforward ways have their direct connection attempts routed via Tor. As such, ''Tor wrappers are not a secure isolation mechanism.'' | |||
torsocks is | Some applications, such as those using the KDE KIO framework, don't make direct connections and instead use <tt>kdeinit4</tt> to spawn worker processes, rendering the wrappers useless. | ||
For full isolation, run an application inside a virtual machine and configure its network activity to be routed via Tor only, with non-Tor traffic blocked. | |||
}} | |||
torsocks is slightly more secure than tsocks because it blackholes UDP traffic and private IP traffic, | |||
such as LAN traffic. | such as LAN traffic. | ||
If you choose to use a wrapper, use torsocks where possible. Use torsocks-faster/the fast port/Privoxy for HTTP or protocols which break if used from several IPs (such as ICQ or FTP). | |||
tsocks is the weakest wrapper, but it is necessary if your application needs to make local | |||
connections or makes DNS queries in a way not handled by torsocks. For example, Kopete's XMPP plugin | |||
only works with tsocks and leaks DNS queries. | |||
Some applications have native support for | =="Guard" wrappers== | ||
Some applications have native support for SOCKS proxies, and it is tempting to use such support. | |||
However, it isn't unheard of for proxy support to have bugs or for application plugins to ignore proxy | However, it isn't unheard of for proxy support to have bugs or for application plugins to ignore proxy | ||
settings or settings | settings or for settings to get lost. Using a wrapper such as torsocks can be more reliable. | ||
An alternative approach is use both | An alternative approach is use both a wrapper and built-in proxy support. This way, if the application's proxy support fails, the connection is likely to be caught by the wrapper and if you run the application without the wrapper by mistake, the connections are still likely to be proxied. | ||
support fails, the connection is likely to be caught by | |||
== Privoxy | =Using KDE with Tor= | ||
In KDE, proxy server configuration is set for all applications centrally. You should set the SOCKS proxy to Tor's default SOCKS port (127.0.0.1:9050), and set the HTTP proxy to Privoxy (127.0.0.1:8118). | |||
Without Privoxy, KDE applications using either KHTML or WebKit KPart (such as Konqueror, Rekonq, KTorrent, Akregator) would become nearly unusable and cause excessive load to the Tor network. | |||
Another possibility is to run <tt>tsocks kdeinit4</tt>, which would cause kdeinit4 to respawn in a wrapped state. All KDE applications started after this will be wrapped with tsocks. | |||
Another possibility is to run | |||
All KDE applications started after this | |||
===Kopete=== | |||
Kopete makes direct connections and ignores KDE settings. Kopete torification | Kopete makes direct connections and ignores KDE settings. Kopete torification | ||
dependins on what plugins you use. XMPP requires tsocks. ICQ requires torsocks-faster. | dependins on what plugins you use. XMPP requires <tt>tsocks</tt>. ICQ requires <tt>torsocks-faster</tt>. | ||
KMail respects KDE-wide proxy settings, and the "safe" SOCKS port offers good isolation between | ===KDE PIM=== | ||
KMail respects KDE-wide proxy settings, and the "safe" SOCKS port offers good isolation between mailboxes. | |||
= | =Using Vidalia to view network information and change circuits= | ||
Vidalia is convenient for troubleshooting Tor and changing circuits should your current exit node be banned by a particular site. | |||
Vidalia | Vidalia needs a Tor control port to be available: | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
services.tor.controlPort = 9051; | { | ||
... | |||
services.tor.controlPort = 9051; | |||
... | |||
} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Vidalia | {{Note|Avoid using Vidalia to change Tor configuration on the fly; instead, use NixOS configuration to control the Tor instance. On NixOS, The only useful features of Vidalia are "new identity" and "network map".<br/><br/> | ||
The only useful features are "new | |||
If you do change something else by accident, you will have to manually edit | If you do change something else by accident, you will have to manually edit Vidalia's configuration file ~/.vidalia/vidalia.conf and replace all instances of <tt>Changed = true</tt> with <tt>Changed = false</tt>, otherwise Vidalia and NixOS will fight for control of the Tor service process.}} | ||
Vidalia's configuration file ~/.vidalia/vidalia.conf and replace | |||
all | |||
will fight for | |||
Revision as of 22:50, 24 October 2017
 |
Warning
Tor is not a panacea. If you rely on Tor for anonymity, you should ensure you have a complete understanding of its caveats. Obtaining effective anonymity via Tor requires you to make certain changes to your browsing habits. The Tor Project has an important list of warnings available for you to read; you should familiarise yourself with them before using Tor.
|
Browsing the web with Tor
NixOS packages the Tor Browser Bundle, which is the recommended way to browse the web using Tor. Install the tor-browser-bundle-bin package and run tor-browser. The browser bundle integrates its own Tor daemon and will handle connect to the Tor network automatically.
|
Warning
Do not attempt to browse the web using a web browser other than Tor Browser. Tor Browser integrates custom modifications to Firefox to enhance anonymity and ensure that information leakage does not occur. Using another web browser with Tor is likely to result in imperfect anonymity and is unsafe.
|
Enabling Tor as a system service
Tor can be enabled as a system service by enabling options services.tor.enable.
By default Tor in NixOS provides one SOCKS proxy on port 9050. 9050 is a "slow" SOCKS port which can be used for email, git and pretty much any other protocol but HTTP(S) since a new circuit will be created for each destination IP. This is a safe default which complicates identity correlation attacks, although isn't sufficient to completely thwart them.
By also enabling services.tor.client.enable, an additional SOCKS service on port 9063 can be enabled. This is a "fast" SOCKS port suitable for browser use; a new circuit is established every ten minutes.
Privoxy
By default, the Privoxy HTTP proxy is enabled if you enable Tor client functionality (services.tor.client.enable). Privoxy listens on port 8118 and is configured to route to the fast SOCKS port. It is highly advisable to route HTTP traffic via Privoxy rather than via SOCKS directly.
Tor wrappers: torsocks, torsocks-faster and tsocks
Tor wrappers such as torsocks and tsocks can be used to intercept network API calls in applications to direct network activity over a Tor socks port. This allows non-Tor-aware, non-SOCKS-aware applications to have their traffic routed over Tor.
|
Warning
Tor wrappers cannot reliably prevent an application from establishing connections outside of the Tor network; they merely ensure that non-malicious code using networking APIs in straightforward ways have their direct connection attempts routed via Tor. As such, Tor wrappers are not a secure isolation mechanism.
Some applications, such as those using the KDE KIO framework, don't make direct connections and instead use kdeinit4 to spawn worker processes, rendering the wrappers useless. For full isolation, run an application inside a virtual machine and configure its network activity to be routed via Tor only, with non-Tor traffic blocked. |
torsocks is slightly more secure than tsocks because it blackholes UDP traffic and private IP traffic, such as LAN traffic.
If you choose to use a wrapper, use torsocks where possible. Use torsocks-faster/the fast port/Privoxy for HTTP or protocols which break if used from several IPs (such as ICQ or FTP).
tsocks is the weakest wrapper, but it is necessary if your application needs to make local connections or makes DNS queries in a way not handled by torsocks. For example, Kopete's XMPP plugin only works with tsocks and leaks DNS queries.
"Guard" wrappers
Some applications have native support for SOCKS proxies, and it is tempting to use such support. However, it isn't unheard of for proxy support to have bugs or for application plugins to ignore proxy settings or for settings to get lost. Using a wrapper such as torsocks can be more reliable.
An alternative approach is use both a wrapper and built-in proxy support. This way, if the application's proxy support fails, the connection is likely to be caught by the wrapper and if you run the application without the wrapper by mistake, the connections are still likely to be proxied.
Using KDE with Tor
In KDE, proxy server configuration is set for all applications centrally. You should set the SOCKS proxy to Tor's default SOCKS port (127.0.0.1:9050), and set the HTTP proxy to Privoxy (127.0.0.1:8118).
Without Privoxy, KDE applications using either KHTML or WebKit KPart (such as Konqueror, Rekonq, KTorrent, Akregator) would become nearly unusable and cause excessive load to the Tor network.
Another possibility is to run tsocks kdeinit4, which would cause kdeinit4 to respawn in a wrapped state. All KDE applications started after this will be wrapped with tsocks.
Kopete
Kopete makes direct connections and ignores KDE settings. Kopete torification dependins on what plugins you use. XMPP requires tsocks. ICQ requires torsocks-faster.
KDE PIM
KMail respects KDE-wide proxy settings, and the "safe" SOCKS port offers good isolation between mailboxes.
Using Vidalia to view network information and change circuits
Vidalia is convenient for troubleshooting Tor and changing circuits should your current exit node be banned by a particular site.
Vidalia needs a Tor control port to be available:
{
...
services.tor.controlPort = 9051;
...
}