# [solved] Tor bundle

## seneca

The Tor site recommends the use of the Tor bundle package rather than a true install, and states privoxy is no longer needed.  In searching these forums I didn't see any reference to that.  So the question is, from a gentoo perspective, should we still be emerging Tor and privoxy or do those who known about these things think we should use the bundle package instead?  A reason for the recommendation would also be appreciated.

On a related note, do we need any special setting of iptablles for Tor to work properly?

Any help is welcomed

----------

## Gentoo64

I think it's because the browser bundle is already optimized for privacy and set up out the box. You can still use tor, privoxy isn't needed afaik on later versions of firefox but you could still use it anyway, I think it was to overcome an issue of older versions of firefox only. If you manually install torbutton you can't switch on the fly any more it's either on or off on startup.

You don't need to touch iptables to use tor as a client. If you want to use tor as a bridge then you'll have to open some ports you defined in the config.

----------

## seneca

 *Quote:*   

> You don't need to touch iptables to use tor as a client

 

Thank you for the reply, gentoo64

Still not clear on the Tor bundle though.  Is there a benefit to emerging Tor instead of using the preconfigured mozilla binary bundle?   and, if we go the emerge route, is privoxy still necessary, given the browser we would then use is not preconfigured the way the bundled mozilla binary is?

----------

## khayyam

seneca ...

The tor bundle is (as least, was) net-misc/vidalia, a patched version of firefox, and torbuttoni (what was torbutton) ... the torproject insists that no other combination of these tools fully protects anonymity, and have gone so far as to claim the same tools with the same patches are "not supported" (that is, any source other than the torproject isn't kosha). This includes gentoo, which at one point was packaging the bundle. Hasufell was maintaining this, but I can no longer see it in the tree (in fact, I can't even remember exactly what it was called, so perhaps its still there but I'm just missing it). So, what the current status is I'm not altogether sure, but whatever the case I don't see the torprojects stance as a valid one, as it would make more sense to support distributions bundling these various components in some manner, as long as there was some level of testing and QA involved. This would, like other software projects,  allow for more parties being actively involved (and would mean that a user could skip the use of vadalia, if the user didn't need a gui to start tor, etc, which can quite easily be handled via other methods). I think the torproject is engaging in a validity game, they don't run the tor network, they simply provide a tool, so what else to do but try and occupy the mindspace, and maintain themselves as the only source of trustworthy tools, etc. A lot of this, I believe, has to do with funding, they have to justify why it is that they are worthy of (public? ... I'm not sure) funds, and so have to be seen as running the show. I'm sure there are other issues involved, such as the mozilla foundation, but to my mind the torproject isn't really making the right decisions (whatever the motives), it seems like the box really should be nailed shut ... for your own safety of course :)

best ... khay

----------

## seneca

 *Quote:*   

>  I don't see the torprojects stance as a valid one

 

I agree, Khay

I'm emerging Tor..

Thank, you (again)

----------

