Tor: Difference between revisions

Line 7:

{{Security Warning|Do not attempt to use Tor with any web browsers other than Tor Browser. Tor Browser integrates custom modifications to Firefox to enhance anonymity and ensure that information leakage does not occur. Using another web browser with Tor [https://support.torproject.org/tbb/tbb-9 is likely to result in imperfect anonymity and is unsafe].}}

Tor can be enabled as a system service by enabling options {{nixos:option|services.tor.enable}}.

Tor can be enabled as a system service by enabling options {{nixos:option|services.tor.enable}}. Configuration of tor service is an example of [https://nixos.org/manual/nixos/stable/index.html#sec-freeform-modules Freeform module], so you can pass not only explicitly supported {{nixos:option|services.tor.settings}}, but all other [https://2019.www.torproject.org/docs/tor-manual.html.en torrc] options. For example, client bridge config can be set like this:

services.tor.settings = {

UseBridges = true;

ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/obfs4proxy";

Bridge = "obfs4 IP:ORPort [fingerprint]"

};

</syntaxhighlight>

By default Tor in NixOS provides one SOCKS proxy on port 9050. 9050 is a "slow" SOCKS port which can be used for email, git and pretty much any other protocol but HTTP(S) since a new circuit will be created for each destination IP. This is a safe default which complicates identity correlation attacks, although isn't sufficient to completely thwart them.

@@ Line 7: / Line 7: @@
 {{Security Warning|Do not attempt to use Tor with any web browsers other than Tor Browser. Tor Browser integrates custom modifications to Firefox to enhance anonymity and ensure that information leakage does not occur. Using another web browser with Tor [https://support.torproject.org/tbb/tbb-9 is likely to result in imperfect anonymity and is unsafe].}}
-Tor can be enabled as a system service by enabling options {{nixos:option|services.tor.enable}}.
+Tor can be enabled as a system service by enabling options {{nixos:option|services.tor.enable}}. Configuration of tor service is an example of  [https://nixos.org/manual/nixos/stable/index.html#sec-freeform-modules Freeform module], so you can pass not only explicitly supported {{nixos:option|services.tor.settings}}, but all other [https://2019.www.torproject.org/docs/tor-manual.html.en torrc] options. For example, client bridge config can be set like this:
+<syntaxhighlight lang="nix">
+services.tor.settings = {
+      UseBridges = true;
+      ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/obfs4proxy";
+      Bridge = "obfs4 IP:ORPort [fingerprint]"
+};
+</syntaxhighlight>
 By default Tor in NixOS provides one SOCKS proxy on port 9050. 9050 is a "slow" SOCKS port which can be used for email, git and pretty much any other protocol but HTTP(S) since a new circuit will be created for each destination IP. This is a safe default which complicates identity correlation attacks, although isn't sufficient to completely thwart them.