wiki:doc/TorifyHOWTO

Version 439 (modified by proper, 8 years ago) (diff)

expanded "UPDATE for TBB (Tor Browser Bundle) users"

Legal stuff - READ FIRST!

WARNING, update and introduction

The first version of this article is already very old. As Tor constantly evolves also the knowledge about anonymity evolves. Things become more and more complex. In the past you did just go ahead and torified applications like Mozilla Firefox yourself. This is no longer recommend as we learnt a lot about possible leaks, which will be described in a following chapter.

Do not torify any applications yourself unless you exactly know what you are doing! Of course you are free to understand the complexity, to research and to provide new instructions. See this article more as a reference for developers and advanced users, if you aren't one of them, for your own security, rather stick with the Tor Browser Bundle form torproject.org.

This document explains how to configure particular programs to use Tor. It was originally written for a Linux/UNIX environment. It should include some instructions for Windows and OS X users too. Note that this is a very brief document on how to make various programs use Tor as a proxy. You should read the documentation at https://www.torproject.org first. Since most programs use similar locations for various settings, the following examples will get you going most of the time. If you're using anything that needs some exotic workarounds, or your distribution doesn't use SysV (/etc/init.d/ startup scripts), for example, this guide currently won't help you a lot, since it is a bit bash and Debian specific.

Feel free to edit this page --- it's a wiki, after all, driven by your contribution!

for wiki editors

Use only link identifiers which start with a letter or the underscore character (_) and don't use identifiers with spaces inside them. Things like that make the page invalid (X)HTML and nobody wants that.

examples and reasoning for the WARNING

Firefox with Tor, other browsers and mail clients

In the past the given advice was much smaller

  • to use a separate Firefox profile
  • to deactivate java/javascript/plugins, delete cookies
  • avoid DNS leak

Nowadays the knowledge and security precautions are much higher, if you're interested in how complex things became see The Design and Implementation of the Tor Browser [DRAFT].

If you understand all of that, that's great, now you can torifiy yourself. Otherwise better to not try to torify Firefox or any other browsers such as Opera yourself.

Torifying Mozilla Thunderbird is definitely harder then "just use socks4a", first probable thing to leak would be the flash plugin. Many things mentioned in The Design and Implementation of the Tor Browser [DRAFT] also apply for Mozilla Thunderbird. Until there is an official Tor mailclient, you unfortunately have to stick with webmail.

Bittorrent and Tor

Just google for Bittorrent and Tor. What you will find is ethical advice "do not use Tor with Bittorrent as Tor isn't designed for that and can't handle the load" and technical advice.

  • use proxy settings to torify
  • use socks4a to prevent DNS leak

What's the problem with this?

  • no one cared to use a packet sniffer to see if it's working
  • the application does not honor the proxy settings
  • the protocol itself will leak your IP

proxy and socks settings

Proxy and socks settings are mostly implemented by programmers to improve connectivity, not anonymity.

People thing they have been implemented with anonymity in mind. That's a big mistake. They're not. See Bittorrent and Tor example.

protocol leaks / application uses advanced techniques to determine your external IP

Many applications have been written to work around firewalls and blocking internet service providers, such as Bittorrent clients and Skype. No matter if you use "correct" proxy settings (socks4a) and/or external applications for torification, some applications will use advanced techniques to determine your external non-Tor IP. Like said before, those applications were never made with anonymity in mind, but with evading firewalls.

UPDATE for TBB (Tor Browser Bundle) users

The Tor Browser Bundle contains prepackages for your Tor, Vidalia and Firefox tweaked for anonymous usage (patches, addons, etc.). Tor and Vidalia are the same like in the other packages. The difference is, once you close Firefox, also Tor and Vidalia will be closed. If you don't wish Tor/Vidalia to be closed when you close the Tor Browser, you can use a workaround such as an external minimize to tray application. Then the Tor Browser will not be closed but out of your way. And you can continue to use Tor/Vidalia.

The TorifyHOWTO below assumes that Tor is running. Which will not be the case once you closed the Tor Browser (described above). If you know what you are doing (see "UPDATE and WARNING" above), there is no reason, not to use Tor/Vidalia, like described in the following TorifyHOWTO. Tor still offers a SocksPort on port 9050. No one stops you from using stuff like torsocks/usewithtor pointing to the standard port 9050, there are no changes needed, beside that Firefox has to remain open (at least hidden or in tray).

Alternative you could also use a second Tor instance and let it listen on another port.

overview, different methods to torify

There are three different methods to torify applications.

  • classic: use proxy settings
  • socksify / proxify: force the application to use a proxy (FreeCap, SocksCap, transproxy, proxyfier, proxychains, torsocks, usewithtor...)
  • transparent proxy

How to torify several programs

The following pages have good explanations of how you can configure programs to use Tor. Please follow the below mentioned links.

Remailing

doc/RemailingAndTor