# Anonymous web browsing / instant messaging etc.

## Pythonhead

In this HOWTO I'll explain how you can browse the web anonymously* by using tor and privoxy with Gentoo.

Tor can also be used to make other network clients (instant messaging, usenet, etc) act anonymously. I will also explain how to make servers on your machine available anonymously through Tor's "hidden services" mechanism.

If you have concerns about aiding infidels, puppy-jugglers or child pornographers, please understand that running a tor client does not require you to operate a node in a p2p network.

*Note: You'll need to disable javascript and java in your browser if you'd like to be as anonymous as possible. See Tor's homepage http://tor.eff.org/ for more information. 

Browsing the web anonymously:

As root:

```
emerge net-misc/tor

emerge www-proxy/privoxy
```

Add this line to /etc/privoxy/config 

```
forward-socks4a / localhost:9050 .
```

You can put that line at the top of the file, but line 1010 looks like the right place.

Start privoxy:

```
/etc/init.d/privoxy start
```

Copy the tor sample rc file. There is no need to edit for regular operation:

```
cp /etc/tor/torrc.sample /etc/tor/torrc
```

Start tor:

```
/etc/init.d/tor start
```

If you want to start tor with every boot (probably not):

```
rc-update add tor default
```

Configure your web browser's http proxy to point to:

host: 127.0.0.1  port: 8118

(Under Firefox, go to the Edit menu/Preferences/General/Connection)

You should also set your SSL proxy to the same thing, to hide your SSL traffic.

You are now browsing anonymously.

To test it, go to this site and see what ip it reports as your own:

http://peertech.org/privacy-knoppix/

You can use network clients enabled with SOCKS in a similar way. 

How to use Gaim, any protocol (Yahoo, Aim etc.) with tor:

Make sure you have privoxy and tor running as explained above.

In Gaim, go to the Tools menu, select Accounts. Select the IM protocol you want to anonymize, click Modify.

Click 'Show more options'

Under 'Proxy Options' select proxy type SOCKS 5

Enter 127.0.0.1 for the host

Enter 9050 for the port

Leave user/pass blank

No idea how to test this except to have a friend tell you what your ip is. The above method will work with any network client that is capable of SOCKS proxy, such as x-chat, irssi, Azureus etc.

Offering hidden services

A hidden service is a server on your computer that you make available via tor with a .onion top level domain.

A website offered through a hidden service looks like this:

http://6sxoyfb3h2nvok2d.onion/tor/SocatHelp

You can offer hidden services while tor is running as a client or server.

To make your web server available anonymously, edit ~/.tor/torrc and in the hidden services portion add these lines:

```
HiddenServiceDir ~/apache_hidden/
HiddenServicePort 80 127.0.0.1:80
```

Now create ~/apache_hidden and start tor. Look in the file ~/apache_hidden/hostname for the .onion address you want to publish.

Using tor and privoxy makes offering hidden services for web servers easy, but what if you want to make a non-http service available?

Say you have a mud server running on port 5454 and want to make it available as a hidden service. Follow the above steps, creating a  directory named ~/mud_hidden/ instead. 

To get to your mud people would use the address  34vss3f3tohrri.onion:5454

But telnet can't use the .onion namespace so we need to use socat.

```
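emerge net-misc/socat

# Listen locally on port 2222 and relay through tor's SOCKS port (9050) to the hidden service.
# The port after the .onion name must be the one the hidden service publishes (5454 for the mud above).
socat TCP4-LISTEN:2222,fork SOCKS4A:localhost:34vss3f3tohrri.onion:5454,socksport=9050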
```

Now you can test it by telnet'ing to localhost:2222

Do this from another machine to verify it's working anonymously.

Note: All of the above steps will enable tor to be used as a client only. In other words you won't be a node and using 20 gigabytes of bandwidth per month, just what you'd normally use by surfing the web.

Todo: Browsing through Tor is a little slow and not necessary for daily use by most. It'd be nice to have a script that starts privoxy, tor, then Firefox with a config that has the proxy set to 127.0.0.1:8118, then shuts it all down when you exit Firefox. For now you can tell privoxy to stop working but not quit, so you don't have to reconfigure your web browser by bookmarking one of the listed bookmarklets:

http://config.privoxy.org/toggle

Tip: To make apps that use http such as wget, lynx, curl etc. use tor automagically put this in your .profile, or .bashrc etc:

```
http_proxy=http://127.0.0.1:8118/
HTTP_PROXY=$http_proxy
export http_proxy HTTP_PROXY
```

This is probably a dumb idea for most people, since it will slow down wget when used by emerge. Not good!

Troubleshooting: The above steps should work for most machines. If you have strict firewall rules you'll need to allow local connections to port 8118 and port 9050. If your firewall blocks outgoing connections, punch a hole so it can connect to TCP ports 80, 443, and 9001-9033.

Last edited by Pythonhead on Sat Mar 12, 2005 6:18 am; edited 17 times in total
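A check on the two config edits the HOWTO above makes, as an added example that is not part of the original post: it reports whether Privoxy's catch-all rule really forwards over SOCKS4a to port 9050 (plain `forward-socks4` makes Privoxy resolve hostnames locally, outside Tor) and which virtual ports a torrc publishes. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the privoxy and torrc edits from the HOWTO.
# All file contents below are constructed samples, not real configs.

# privoxy_forward_mode FILE [SOCKS_PORT]
# Prints how the catch-all ("/") forwarding rule is set up:
#   tor       forward-socks4a to SOCKS_PORT (hostname resolved by the SOCKS server)
#   dns-leak  forward-socks4 to SOCKS_PORT (Privoxy resolves hostnames locally)
#   no-tor    rule missing, commented out, or pointing elsewhere
# Privoxy uses the last matching forward rule, so later lines override earlier ones.
privoxy_forward_mode() {
    awk -v want="${2:-9050}" '
        /^[ \t]*#/ { next }                      # commented-out rules do not count
        $1 ~ /^forward/ && $2 == "/" {
            n = split($3, hp, ":")               # $3 is host:port (or "." for direct)
            if (hp[n] != want)                mode = "no-tor"
            else if ($1 == "forward-socks4a") mode = "tor"
            else if ($1 == "forward-socks4")  mode = "dns-leak"
            else                              mode = "no-tor"
        }
        END { print (mode == "" ? "no-tor" : mode) }
    ' "$1"
}

# hidden_service_ports FILE
# Prints "DIR VIRTPORT TARGET" for every HiddenServicePort line. With no
# explicit target, Tor maps the virtual port to the same port on 127.0.0.1.
hidden_service_ports() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "HiddenServiceDir"  { dir = $2 }
        $1 == "HiddenServicePort" {
            print dir, $2, ($3 == "" ? "127.0.0.1:" $2 : $3)
        }
    ' "$1"
}

# onion_port_published FILE PORT
# Succeeds only if PORT is a published virtual port, i.e. the port a client
# has to put after the .onion name (not the local socat listen port).
onion_port_published() {
    hidden_service_ports "$1" |
        awk -v p="$2" '$2 == p { found = 1 } END { exit !found }'
}

# --- constructed sample configs ---
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/privoxy.tor" <<'EOF'
# constructed sample: rule active
forward-socks4a / localhost:9050 .
EOF
cat > "$tmp/privoxy.off" <<'EOF'
# constructed sample: rule commented out
#forward-socks4a / localhost:9050 .
EOF
cat > "$tmp/privoxy.leak" <<'EOF'
# constructed sample: SOCKS4 without the "a"
forward-socks4 / localhost:9050 .
EOF
cat > "$tmp/torrc" <<'EOF'
# constructed sample
HiddenServiceDir ~/apache_hidden/
HiddenServicePort 80 127.0.0.1:80
HiddenServiceDir ~/mud_hidden/
HiddenServicePort 5454 127.0.0.1:5454
EOF

for f in tor off leak; do
    echo "privoxy.$f: $(privoxy_forward_mode "$tmp/privoxy.$f")"
done
hidden_service_ports "$tmp/torrc"
onion_port_published "$tmp/torrc" 2222 || echo "2222 is not a published onion port"
```

Point the functions at /etc/privoxy/config and your own torrc to check a real setup.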

----------

## Deranger

This is pretty nice, I am going to try this with DC++ and Firefox...I will report how it goes  :Razz: 

Thanks for this tip, Pythonhead!

----------

## Greven

Post this on the Gentoo-wiki.  The forums fill up too fast, and this is a great tip.

----------

## ewan.paton

Whenever I add forward-socks4a / localhost:9050 . into the config I get an error connecting to any website and a bunch of privoxy options. I read tor had been on Slashdot and was wondering if they were down.

Edit: ignore me, I thought it was either as root or user, not both, that needed to be done.

----------

## TecHunter

good howto

But does anyone know how to supply anonymous service for the computers in a LAN on the gateway?

----------

## Eejay

Does this method work with SUSE Linux 9.2 professional edition along with a KDE/Konqueror web browser?

I know, this forum's for people who use Gentoo Linux, but everyone keeps telling me that Gentoo Linux would be too difficult for me to use and recommended SUSE Linux.

I went through life living hell installing SUSE Linux so I don't want to make any mistakes and have to go through the nightmare of having to install SUSE again.

----------

## troworld

I just posted this article at Gentoo Wiki with some additions/changes. You may have to refresh the page a few times to get to the article, since the wiki is suffering from some weird problem, where all links get you to a random page the first few times you try them.

----------

## prolific

ok i tried tor with a few irc servers ... it works but i get banned from the irc servers and get a msg saying forward dns doesn't match reverse dns .... if anyone finds an EFNET server that allows tor to go through, post here ..    :Smile: 

----------

## elabdel

Hello and thank you for this topic

Now I can browse the web anonymously, but some targets (ports) which were closed or hidden are now opened.

http://www.auditmypc.com/freescan/scanoptions.asp

How could I hide targets with a firewall, and what firewall is easy to use?

----------

## zephyr1256

Works very well for me, not too slow, and I can browse the regular internet anonymously, unlike freenet(which was way too slow, has been known to produce so much traffic it caused my soho router to reset, and didn't help with anonymity on the internet in general).

Almost perfect.  Almost, the one problem is that some secure login sites do not work if you are using tor.  Simple enough, I can use another browser for those sites and have the best of both worlds.

edit:  Another odd thing I've noticed, when using the proxy, is that google usually thinks I'm from some other country because it regionalizes based on location of the detected ip of the client.  Search still works, but it may alter the results, and certainly results in me seeing stuff in different languages on the google site.  Fortunately the links it returns so far are usually English language sites, so it's still usable.

----------

## Joseph_sys

```
$ /usr/bin/tor -f  ~/.tor/torrc
```

Do I need to start tor as user and run it in a background?

When I start it as user it doesn't return to command prompt. 

Do I need to start it in a background?

Does anybody know how to add this code to one of the Firefox profiles?

----------

## troworld

To run that command in the background, add a "&" at the end, so:

```
$ /usr/bin/tor -f  ~/.tor/torrc &
```

I don't use Firefox, so I don't know how profiles work, but you could always write a two-line bash script that would contain the above tor line and the firefox command. Then you could run that script instead of /usr/bin/firefox (or whatever it is in your case).

----------

## Pink

nm: read it again and found the obvious answer   :Embarassed: 

----------

## Master One

That's pretty amazing, just doing some tests with tor in client mode on a local proxyserver (lan -> squid -> privoxy -> tor -> inet), which works pretty impressively fast.

BTW There is an option in the torrc to have it run in daemon mode, so no need to start it with '/usr/bin/tor -f  ~/.tor/torrc &'.

Why is there no init script for this software?

----------

## Master One

BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that?

----------

## etnoy

 *Master One wrote:*   

> BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that?

 

I'd also like to know that.

----------

## Joseph_sys

 *Master One wrote:*   

> BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that?

 

It is not your IP that is exposed, it is an IP of the last box that connection went out to destination you specified, so you are not testing open ports on your box but the box that connection went out on.

Correct me anybody if I'm wrong.

----------

## etnoy

 *Joseph_sys wrote:*   

>  *Master One wrote:*   BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that? 
> 
> It is not your IP that is exposed, it is an IP of the last box that connection went out to destination you specified, so you are not testing open ports on your box but the box that connection went out on.
> 
> Correct me anybody if I'm wrong.

 

I see that, but I also see the following:

```
Notice!

Our system detects your internal IP address as 192.168.0.12 and your external address as XX.XXX.XX.XXX  Your internal IP should be hidden whereas your external is always exposed. 
```

So somehow they can detect my internal NATed IP. How to fix that?

----------

## Ohnodoctor

I might also mention the Switchproxy Extension for Firefox. It lets you switch between multiple proxies from the status bar, so you don't have to keep changing it in Preferences.

----------

## amiatrome

Nice! This will come in very handy on my laptop.   :Wink: 

----------

## Master One

 *Ohnodoctor wrote:*   

> I might also mention the Switchproxy Extension for Firefox. It lets you switch between multiple proxies from the status bar, so you don't have to keep changing it in Preferences.

 

Quite interesting, but I only use Konqueror.

Is this a normal plugin, that can be used in Konqueror as well, or is there something similar especially for Konqueror?

BTW Does anybody have any experience with Azureus running over TOR? At the moment I am using mldonkey, but it has no SOCKS support (tried it with http_proxy connecting to my squid -> privoxy -> tor line, but this does not work at all). If someone could confirm, that Azureus is working fine with tor, it would be a great step forward in anonymous P2P usage, and I really would consider swapping from mldonkey to Azureus.

----------

## OverlordQ

 *etnoy wrote:*   

>  *Joseph_sys wrote:*    *Master One wrote:*   BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that? 
> 
> It is not your IP that is exposed, it is an IP of the last box that connection went out to destination you specified, so you are not testing open ports on your box but the box that connection went out on.
> 
> Correct me anybody if I'm wrong. 
> ...

 

Um, disable Java?

----------

## OverlordQ

 *Master One wrote:*   

>  *Ohnodoctor wrote:*   I might also mention the Switchproxy Extension for Firefox. It lets you switch between multiple proxies from the status bar, so you don't have to keep changing it in Preferences. 
> 
> Quite interesting, but I only use Konqueror.
> 
> Is this a normal plugin, that can be used in Konqueror as well, or is there something similar especially for Konqueror?
> ...

 

You shouldn't use Tor for Az since it mainly can't handle the traffic, but if you'd FGI, you'd come up with this link:  http://azureus.sourceforge.net/doc/AnonBT/

----------

## sprite

this is a badass guide =] and to top it off, the switchproxy plugin is incredible... thanks~

tag for reference..

----------

## Ateo

This is a great tip. However, it doesn't seem practical when browsing slows. I understand the original author said it's not practical for daily browsing.... So what's the point of this?

Also, I have found that I need to restart both the proxy and tor frequently in order to browse. Nonetheless, it does work. I have admin access to a phpbb forum and thus checked my IP. They are always different.

----------

## Pythonhead

re: internal ip detected: It's definitely javascript who is betraying you.

I'm working on a wrapper script for starting Firefox in "tor mode" with javascript disabled, proxy set to privoxy etc, which I'll post on the tor wiki.

 *Ateo wrote:*   

> 
> 
> I understand the original author said it's not practical for daily browsing.... So what's the point of this? 

 

I'd guess it isn't practical for most people, depending on what country you live in and what you're doing online.

Here's a couple dozen reasons why you might want to run tor:

http://tor.eff.org/cvs/tor/doc/tor-doc.html

The tor developers/users are active and friendly on irc. Join #tor on the OFTC irc network if you have any unanswered questions left or want to help with testing, writing documentation etc.

----------

## goofus

tor and privoxy are working for http but how can i set kvirc up to use tor? it wont work for me.  :Sad: 

----------

## etnoy

I miss an initscript for this great software. If I would have time I'd write one.

----------

## Master One

```
#!/sbin/runscript

depend() {
        need net
}

start() {
        ebegin "Starting tor"
        start-stop-daemon --start --quiet --exec /usr/bin/tor
        eend $?
}

stop() {
        ebegin "Stopping tor"
        start-stop-daemon --stop --quiet --exec /usr/bin/tor
        eend $?
}
```

And don't forget to set

```
## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line.
RunAsDaemon 1
```

in /etc/tor/torrc

----------

## linux_girl

I am on a LAN and have an external IP (router), but my network is firewalled.

[EDIT]

You can't connect to my box.

[/EDIT]

Can I make my sshd server (my box @work) available to the outside world without using socat+tor to connect to it?

The steps described to make a service available are quite confusing.

----------

## humpback

Latexer is a bit busy, so i did some changes to the script and notes in bug https://bugs.gentoo.org/show_bug.cgi?id=75381 and added tor-0.0.9.4-r1.ebuild to portage.

You can now add (after setting up) privoxy and tor to the startup of the machine ( rc-update add tor default ) and don't have to deal with starting them up every time you log in.

I'll probably release a -r2 in a few days where I'll patch the torrc.example to have a few more options (User, Group, data and logs directories) already set up.

As always please try and report in that bug.

If you have a fast connection consider running a server for others to improve their experience.

----------

## Nossie

 *Ateo wrote:*   

> This is a great tip. However, it doesn't seem practical when browsing slows. I understand the original author said it's not practical for daily browsing.... So what's the point of this?
> 
> 

 

I have been using Tor for about 2 months now. There are times that it is unacceptably slow, but usually it is just a little slower than a direct connection (noticeable but acceptable).

In January the network crumbled when a lot of people started to route bittorrent traffic over Tor. The bittorrent ports are now blocked in the default config (although server admins can decide to open them), and this reduced the latency of the network a lot.

Keep in mind that there are only about 45 to 50 servers at a time (at this moment) that exit to port 80.

All things considered, the latency is surprisingly low for the current size of the network in combination with the number of users.

http://images.noreply.org/tor-running-routers/totalBiWeekly.png

If you can, please consider running a Tor server. More servers will improve the Tor network tremendously.

Nossie

----------

## linux_girl

 *OverlordQ wrote:*   

>  *etnoy wrote:*    *Joseph_sys wrote:*    *Master One wrote:*   BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that? 
> 
> It is not your IP that is exposed, it is an IP of the last box that connection went out to destination you specified, so you are not testing open ports on your box but the box that connection went out on.
> 
> Correct me anybody if I'm wrong. 
> ...

 

or may be add a regexp in privoxy filters to clean this trick out.

----------

## linux_girl

Does someone have a howto for:

INET | tor | privoxy| squid===>localhost:someport

INET | privoxy| squid===>localhost:aDifferent port

|----------------------------|

this may assume having 2 privoxy running with different conf

with switch proxy this will be cool

----------

## thoughtform

i've recompiled irssi with socks5 and i'm trying to use it thru a socks4/5 proxy.

i get errors saying the proxy server couldn't handle the request.

```
07:04 -!- HTTP/1.0 407 Proxy Error
07:04 -!- Proxy-Authenticate: Basic realm="Proxy602"
07:04 -!- Content-type: text/html
07:04 -!- Pragma: no-cache
07:04 -!- Cache-control: no-cache
07:04 -!- Content-length: 253
07:04 -!- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
07:04 -!- <html><head><title>Proxy Error</title></head>
07:04 -!- <body><h1>Proxy Error</h1>
07:04 -!- The proxy server could not handle this request.
07:04 -!- <p>
07:04 -!- <b>The proxy server could not handle this request.</b>
07:04 -!- </body></html>
```

i can get xchat to work with a proxy but i'd rather have irssi. anyone have this working?

http://www.irssi.org/?page=docs&doc=startup-HOWTO#c10

irssi can be compiled with socks support (--with-socks option to configure), but I don't really know how it works, if at all. /SET proxy settings don't have anything to do with socks however.

----------

## NightTwix

 *linux_girl wrote:*   

> Does someone have a howto for:
> 
> INET | tor | privoxy| squid===>localhost:someport
> 
> INET | privoxy| squid===>localhost:aDifferent port
> ...

 

i made 2 scripts

They are not the exact solution for your problem but they are useful for switching between tor and non-tor without changing the client properties

```
# cat switch-privoxy.pl
/bin/sed -i 's/forward-socks4a \/ localhost\:9050 \./\#forward-socks4a \/ localhost\:9050 \./' /etc/privoxy/config
/etc/init.d/privoxy restart
```

```
# cat switch-tor.pl
/bin/sed -i 's/\#forward-socks4a \/ localhost\:9050 \./forward-socks4a \/ localhost\:9050 \./' /etc/privoxy/config
/etc/init.d/privoxy restart
```

well it's quick and very dirty.

but at least it works.  :Wink: 

----------

## snakattak3

How can we set up an access list or something, to make certain sites not use tor/privoxy. i.e- my routers web address (http://192.168.2.150) doesn't get resolved correctly. Is there a way to make privoxy/tor go directly to a certain website?

[Edit]

Konqueror has an access list, to do exactly that. It will not use privoxy for those websites, so I guess that works for me, but not sure about any other browsers.

----------

## NightTwix

 *snakattak3 wrote:*   

> How can we set up an access list or something, to make certain sites not use tor/privoxy. i.e- my routers web address (http://192.168.2.150) doesn't get resolved correctly. Is there a way to make privoxy/tor go directly to a certain website?
> 
> 

 

Isn't there a "do not use proxy for following addresses" option in most browsers?

That should do the job. I mean, that's what it's for...

----------

## franky999

 *linux_girl wrote:*   

> Does someone have a howto for:
> 
> INET | tor | privoxy| squid===>localhost:someport
> 
> INET | privoxy| squid===>localhost:aDifferent port
> ...

 

I'm very interested in this. I have a gateway set up which runs privoxy and tor like this. I would like the possibility for other computers on the network to use privoxy without using tor. Is there some way I can have privoxy listen on different ports and forward everything to tor when accessed through on port, while making direct connections when requests come in through another port? I don't want to turn off tor as a whole, since some users might still want to use tor, while others don't.

Cheers.

----------

## gatiba

I've followed this howto but i can't browse any site!

It gives me always error 503 - connection failed...

Anyone can help?

----------

## karan

I keep getting a 404 privoxy page saying host couldn't be resolved when I try and use Privoxy and Tor together.

When I remove this line, privoxy works properly.

```
forward-socks4a / localhost:9050 .
```

I am trying to run it over a LAN, I have configured TOR to bind over 0.0.0.0 , and privoxy to my 10.0.0.1/16.

I know privoxy is working because the ads/popups have stopped when I use it. TOR seems to be causing this. 

Any ideas?

----------

## karan

 *karan wrote:*   

> I keep getting a 404 privoxy page saying host couldn't be resolved when I try and use Privoxy and Tor together.
> 
> When I remove this line, privoxy works properly.
> 
> ```
> ...

 

Oops, silly me.

The problem was me saying forward-socks4a / localhost:9050, when I wasn't binding to localhost.

Changing it to 0.0.0.0 made it work, thanks.

----------

## Rainmaker

I just installed this. First thing I noticed: it is SO SLOOOWW, in my case at least. Online speed tests go from 1100 kb /s to barely 60 kb/s.

The idea is nice though, but I guess I need a few more servers in my neighborhood for the speed difference to be acceptable. Is there a config option to only pick certain peers, or only peers from say, western Europe?

One more question. Not sure if this is appropriate though. I've been amazed by the script on this page <--------- WARNING, explicit content.

There's a script on the above page which shows me contact ads, not only from people in my country, but in my CITY. This even works with tor on (I was expecting something like "women from Tokyo"). How do they do that?? Is that javascript or what?

----------

## Rainmaker

ok, I figured out this is a privoxy thingie. If I let firefox use the socks5 proxy on 9050 directly, it works at about 700 kb/s. Still slower, but a LOT better than the 60 kb/s I was getting.

Any ideas on why privoxy is so slow? I didn't change anything in the default config, except that forward line...

----------

## Wi1d

 *Scorpaen wrote:*   

> i can get xchat to work with a proxy but i'd rather have irssi. anyone have this working?.

 

Ditto and bump. I've tried everything Scorpaen said and I have the same problem on gentoo and freebsd. It works fine with xchat and all IMs just not irssi.  :Mad: 

----------

## St. Joe

 *Rainmaker wrote:*   

> Any ideas on why privoxy is so slow? I didn't change anything in the default config, except that forward line...

 

I tried it out in Opera and what I noticed was that it basically disabled how my browser cache functions. This seems to impact the rendering speed significantly. On a webpage that has a lot of graphics (such as a forum) the difference can be rather substantial. But on predominately text-based pages I found privoxy to play no role in any perceived slow down.

----------

## vputz

 *franky999 wrote:*   

>  *linux_girl wrote:*   Does someone have a howto for:
> 
> INET | tor | privoxy| squid===>localhost:someport
> 
> INET | privoxy| squid===>localhost:aDifferent port
> ...

 

Well, I sorta have this going.  But basically I think I have it running like this:

INET | privoxy | squid ==>localhost:aPort

INET | tor | privoxy ==>localhost:aDifferentPort

And the way I had to do it is was to run two sessions of privoxy, configured differently, one going to tor and one without.  Since the startup scripts didn't want to play this game, I actually wound up with a stupid but effective hack, simply copying the "privoxy" binary to "privoxy-tor" and making a second configuration for the privoxy-tor program.

I haven't bothered doing the same for Squid, because the Tor browsing is just plain slow and when I did send Squid through Tor, it didn't seem to make a big heap of difference, though it did make a difference.  I should try it some time--it's not like I don't have the disk space to run two squids.  Just seems a bit silly.

-->VPutz

----------

## Mystilleef

Tor and Privoxy won't start for me.

Error log from tor

```
Sep 22 03:28:36.348 [err] init_from_config(): Acting on config options left us in a broken state. Dying.
Sep 22 03:28:49.197 [notice] Tor 0.1.0.14 opening log file.
Sep 22 03:28:49.197 [notice] Initialized libevent version 1.1a using method epoll
Sep 22 03:28:49.197 [warn] connection_create_listener(): Could not bind to port 9050: Cannot assign requested address
Sep 22 03:28:49.197 [err] options_act(): Failed to bind one of the listener ports.
Sep 22 03:28:49.197 [err] init_from_config(): Acting on config options left us in a broken state. Dying.
Sep 22 03:28:55.534 [notice] Tor 0.1.0.14 opening log file.
Sep 22 03:28:55.534 [notice] Initialized libevent version 1.1a using method epoll
Sep 22 03:28:55.534 [warn] connection_create_listener(): Could not bind to port 9050: Cannot assign requested address
```

Your suggestions are appreciated.

----------

## Bob P

i've got a question about this -- after reading the background information on the Tor website, what makes everyone think that using Tor increases your privacy instead of decreasing it?

some things to consider:

1.  Tor was developed by the ONR and DARPA.   :Exclamation: 

2.  By passing your information through Tor, users are collectively facilitating the creation of a centralized data repository, thereby facilitating data mining through traffic analysis.

3.  Whoever controls the routers controls your data -- they also have the ability to log interesting packet content to a database and mine it.

4.  Who has the resources to provide this kind of service, what is their motive, and why should you trust them?

5.  Just because I know they're out to get me doesn't mean I'm paranoid.   :Very Happy: 

is this the IP-based equivalent of Echelon?    :Idea: 

----------

## tarnman

I think my ISP already has transparent http proxy. I tried this trick and nothing happened (still showing an IP from my ISP domain name). 

I really dislike this transparent proxy. It prevents me from going to sites that have download quota or IP banlist. Can tor+privoxy work around this?

----------

## artificio

Bob P, those sound like some valid points, is there a way to find out how many routers there are and who they're controlled by? Couldn't every node log the other nodes it's connected to, and send this info to a central server, a roadmap of the network.

I know this defeats the purpose of the network atm... but if this were done rarely it might help determine if any large groups have the ability to capture enough information to render the network useless.

----------

## spengy

 *Bob P wrote:*   

> i've got a question about this -- after reading the background information on the Tor website, what makes everyone think that using Tor increases your privacy instead of decreasing it?
> 
> some things to consider:
> 
> 1.  Tor was developed by the ONR and DARPA.  
> ...

 

I don't think so  :Wink:   Why do people run TOR nodes?  Because they believe in this kind of thing.  I would run one, but I have very crappy upload speeds.  You don't need much.  20 KB/s up is the minimum they want for a TOR server.  There are very flexible bandwidth limiting options.  Please, anyone with the resources who is interested in this sort of thing, run a node.  The TOR network needs them.  

About your privacy concerns though:  It is possible that some routers in the network can see your data.  The hidden services (which I think is the BEST feature of TOR) are encrypted end-to-end though.

----------

## ahubu

Great post, I remember using it when this was posted, and it was very slow (unusably slow). It's much better today, even though it can still be slow at times. I find it very convenient to use in combination with the quickproxy extension in firefox, a small button that lets you turn the proxy on/off with one click.

----------

## tuber

Could those of you who have Tor and Privoxy working with no problems please take a look at one of my problems: https://forums.gentoo.org//viewtopic-t-410283-highlight-.html Thanks.

----------

## reteo

 *Bob P wrote:*   

> i've got a question about this -- after reading the background information on the Tor website, what makes everyone think that using Tor increases your privacy instead of decreasing it?  Is this the IP-based equivalent of Echelon?   

 

Well, I'm inclined to think that if something was a trick to falsely secure privacy, the EFF would have figured it out by now and not supported it.  Add to that the fact that the protocol and the software is open source, and there are two good reasons right there.

For quotas and/or banlist workarounds, I'm afraid that the only workarounds are to convince more people to run tor exit nodes.

And as for making Tor/Privoxy work on a LAN, I keep it in a simple chain:

* Tor accesses the internet.

* Privoxy accesses tor on Localhost. (I also use the Neil Van Dyke ruleset)

* Squid accesses privoxy on Localhost (I also found there are a few pieces of configuration that eliminates some cracks, such as the VIA reference used by Firefox)

* Squid is then configured to accept connections from the LAN... or, in a paranoid case, I can require a login.

The only problem with this model is that while the sessions are virtually untraceable, the DNS queries are not.

----------

## truekaiser

 *Bob P wrote:*   

> i've got a question about this -- after reading the background information on the Tor website, what makes everyone think that using Tor increases your privacy instead of decreasing it?
> 
> some things to consider:
> 
> 1.  Tor was developed by the ONR and DARPA.  
> ...

 

Not to mention many major sites ban on sight when they detect this, especially many forums, because this is used by spammers.

And yes, since tor was developed by the military, imho there is some sort of backdoor or purposeful flaw built into the system so it can't be used against them. So basically the people you most likely want to hide from will be the same people you're most visible to.

----------

## Houdini

*sigh*

So, I run a Tor server that does about 300 GB/month of traffic.  I'm also an EFF donor.  You could say I have an interest in it.

First of all, TOR is currently an EFF project.  While I haven't scoured the source myself, I have talked to at least one of the developers for it.  While there is the possibility that there are some backdoors, I find it unlikely.  The EFF is a group that values privacy.  Remember that the intent of TOR is to allow people safe anonymity from their governments as well as from citizens.  People in China use this thing to speak their minds.  People in the US use it to safely blow whistles on dangerous practices in their workplaces, even if that workplace is the US government.  If you're the sort of person that believes that the NSA/FBI/whoever can break PGP effortlessly and can snoop on your SSH sessions, TOR isn't much help.  If that's not you, it's probably safe.

Second, a request.  Don't be a jackass.  I don't run this to allow you to download music without the RIAA knowing about it.  I don't run it to allow you to hassle IRC networks or forums.  I run it for freedom of speech.  While I won't monitor what goes on in it, I will block obvious abuses such as most filesharing clients.  Yes, I know, there's the possibility that someone needs to spread some vital freedom of speech material via BitTorrent.  It's not likely.

Fitting in with the above, don't break in to shit via TOR.  I know, it sounds like the perfect way to hide a crime.  Doing so may result in individual servers being taken down, either by legal force or just because they don't want to talk to the FBI anymore.

If you value what TOR does (protecting freedom of speech), don't abuse it.

----------

## RogerPhuket

I'm running Firefox 1.5.0.1, TOR 0.1.16, TORCP 0.0.4, Privoxy 3.0.3 and SwitchProxy 1.3.4 (a Firefox extension) on Windows XP SP2.

My apologies if this is not the right forum to ask this question.

TOR works fine EXCEPT that I can't get Firefox to ignore TOR and Privoxy for IP addresses that I don't want to go through TOR and Privoxy. These addresses are accessed using the "Edit" function in the "SwitchProxy" toolbar: it displays a "Proxy Info" window that has a box labelled "No proxy for:" and contains, by default, `localhost, 127.0.0.1`. I've added other IP addresses so that the box now contains: `localhost, 127.0.0.1, *google.com*, *hotmail*, *loginnet.passport*`... and a few others.

But all these addresses still go through Privoxy - I can see them being accessed in the Privoxy window.

When I use Internet Explorer, these sites do NOT go through Privoxy and TOR after I change the "Control Panel/Internet Options/Connections/LAN Settings/Advanced/Exceptions" box to contain the same names (but separated by semi-colons): `*google.com*; *hotmail*; *loginnet.passport*`

I could keep tinkering, but I wondered if anyone could point me in the right direction? 

For example, where - in TOR - is the exception list? Can I edit it there rather than use the Edit function of the SwitchProxy extension?

Or, have I got the syntax wrong in the "No Proxy for:" box?

Any help gratefully received!

----------

## Erlend

Just so that I am absolutely certain that I am not running a tor node, could someone please explicitly tell me what change I would make to the config files if I did want to run a tor server please?

----------

## tek0

I set up privoxy and tor on my router, set tor to bind to localhost and privoxy to forward to localhost:9050 and listen to 192.168.168.1:8118, which is my LAN. I'm trying to use it from 192.168.168.3, and I can do things like toggling privoxy over the web interface, which also tells me privoxy would be up and running, but when I access http://www.privoxy.org/config/ , I am told that "Privoxy is not being used.", even from the router, and with forwarding to tor disabled.

Connecting to web pages is incredibly slow and cookies seem to be filtered strongly, so I assume it's sort of working...

----------

## softwind

The support guys at IRC say that Tor should be started before privoxy.  But the rc-update thing always starts privoxy then Tor.

Is this going to be a problem?

Also, I recently updated to the latest stable version in portage.  And when it starts in rc-update, it gives me 2 additional notices.  Before the update, I only got the "Do not rely on it for strong anonymity" or something.  Now I am also getting a "libevent version 1.1a" and "connection_create_listener."  Is this supposed to happen in the new version?  Or did something go wrong when I updated?

----------

## xiando

 *artificio wrote:*   

> Bob P, those sound like some valid points, is there a way to find out how many routers there are and who they're controlled by? Couldn't every node log the other nodes it's connected to, and send this info to a central server, a roadmap of the network. I know this defeats the purpose of the network atm... but if this were done rarely it might help determine if any large groups have the ability to capture enough information to render the network useless.

 

The Tor exit nodes can log what websites they connect to and pull down.

I use way too much money on running 5 high-bandwidth Tor exit nodes. Because I believe in anonymity.

For all I know, DoD-controlled NSA are running 20. They probably are.

Now. I can log everything exiting from my 5 exit nodes. But I would not be able to know who is pulling those pages/that traffic. I would only be able to see that someone out there is pulling these pages. Thus; the data would not only be useless, it would be dangerous to log it: If someone were to look at the Tor server's logs, they would see that this server has been accessing whatever. Which is why honest Tor operators generally want to log as little as possible. But my main point is that those running exit nodes who do want as much information as possible cannot see who is asking for the traffic they are monitoring.

However, if you monitor someone's, say your, Internet connection AND you are running the exit node that node is exiting for then you would be able to match A going from your node with B going from the exit. Which is why we always need more exit nodes.  :Very Happy:  See, if DoD is monitoring your Internet connection and there's 700 exits they are not watching then .. well, you're quite safe that they can't see anything but Tor traffic which makes no sense to them from your exit.

Does the Tor source code have back-doors? The only way to find out is to look at it and check it for yourself. I haven't done that, for all I know it could be filled with NSA terrorism. But being it's open source I assume that if someone had found a back-door they'd have exposed it; which is also the reason I find it not likely there is one in there. But as said, if you're wondering, go check.

----------

## theNewGuy

I'm trying to get tor to work on my linux system, but have had no success so far. I followed the instructions in the wiki and installed tor 0.1.1.23 and privoxy. Then I set up firefox to use privoxy with torbutton.

When I switch tor on I can't visit any web sites. Everything I type into the address bar (URLs, IPs) takes me to the same page. The page says:

 *Quote:*   

> 404  	
> 
> This is Privoxy 3.0.3 on my.COMPUTER (127.0.0.1), port 8118, enabled
> 
> No such domain
> ...

 

(Of course, not every address is google.)

I can't figure out what's wrong here. I followed the relevant parts of the howto in the wiki, but it's not working. Can anyone help me out?

----------

## yesi

hi,

i've just discovered the "hidden service" and i don't think that i need tor to go to the internet.

but i try to understand tor and the "hidden service" to run irc, especially to go to irc.freenode.net with irssi.

there's http://freenode.net/irc_servers.shtml that explains how to do it but i didn't really understand it...

would someone explain that to me?

the one thing i'd like to try is to access Freenode via Tor...

thanks in advance.

----------

## gubbs

BUMP!

Thanks for this. I followed the steps and had a SOCKS 5 proxy routing all my traffic through Tor within minutes.

I now run a Tor node (donating 20kb/s up/down 24/7) and enjoy the benefits of more secure internet usage.

Couple of points to emphasize to would-be users:

1. Read the Tor overview before deciding this is for you:

http://tor.eff.org/overview.html.en

2. Tor is not something you should rely on as a total anonymiser solution. 

Use SSL as well to cover your entry and exit. Also be aware virtual machines ie JAVA can open up tunnels of their own and broadcast/snitch on you. Web browsers (javascript), p2p software etc.

Everything discussed in this thread is food for thought. If you really have something to hide, this isn't the solution.

Remember, anyone can become a Tor server/node.

It's not going to protect you against a co-ordinated and determined attack.

It's more than adequate to keep you private at home and play and on IRC, MSN etc.

3. Think about donating some bandwidth and becoming a server!

So what should I expect if I run a server?

If you run a Tor server that allows exit connections (such as the default exit policy), it's probably safe to say that you will eventually hear from somebody. Abuse complaints may come in a variety of forms. For example:

* Somebody connects to Hotmail, and sends a ransom note to a company. The FBI sends you a polite email, you explain that you run a Tor server, and they say "oh well" and leave you alone. [Port 80]

* Somebody tries to get you shut down by using Tor to connect to Google groups and post spam to Usenet, and then sends an angry mail to your ISP about how you're destroying the world. [Port 80]

* Somebody connects to an IRC network and makes a nuisance of himself. Your ISP gets polite mail about how your computer has been compromised; and/or your computer gets DDoSed. [Port 6667]

* Somebody uses Tor to download a Vin Diesel movie, and your ISP gets a DMCA takedown notice. See EFF's Tor DMCA Response Template, which explains to your ISP why it can probably ignore the notice without any liability. [Arbitrary ports]

You might also find that your Tor server's IP is blocked from accessing some Internet sites/services. This might happen regardless of your exit policy, because some groups don't seem to know or care that Tor has exit policies. (If you have a spare IP not used for other activities, you might consider running your Tor server on it.) For example,

* Because of a few cases of anonymous jerks messing with its web pages, Wikipedia is currently blocking many Tor server IPs from writing (reading still works). We're talking to Wikipedia about how they might control abuse while still providing access to anonymous contributors, who often have hot news or inside info on a topic but don't want to risk revealing their identities when publishing it (or don't want to reveal to local observers that they're accessing Wikipedia). Slashdot is also in the same boat.

* SORBS is putting some Tor server IPs on their email blacklist as well. They do this because they passively detect whether your server connects to certain IRC networks, and they conclude from this that your server is capable of spamming. We tried to work with them to teach them that not all software works this way, but we have given up. We recommend you avoid them, and teach your friends (if they use them) to avoid abusive blacklists too.

http://tor.eff.org/faq-abuse.html.en#HowMuchAbuse

Thanks again for the great heads-up!

As far as I can tell, the gentoo method of installing and configuring is the easiest there is. Good to know.  :Wink: 

----------

## bobber205

Can someone explain to me legitimate reasons to use this?

----------

## Beetle B.

I know it's an old post, but I couldn't let it end with this question:

 *Quote:*   

> Can someone explain to me legitimate reasons to use this?
> 
> 

 

I'll suggest the obvious: Browsing the Web.

----------

