wiki:doc/TorifyHOWTO

Version 459 (modified by proper, 8 years ago)

typo

Introduction

This document explains how to configure particular programs to use Tor. As Tor constantly evolves, so does our knowledge about anonymity, and things become more and more complex. In the past you simply went ahead and torified applications like Mozilla Firefox yourself. This is no longer recommended, as we have learned a lot about possible leaks, which are described in a following chapter.

Do not torify any applications yourself unless you know exactly what you are doing! Of course you are free to understand the complexity, to research and to provide new instructions. Treat this article as a reference for developers and advanced users. If you aren't one of them, for your own security, stick with the Tor Browser Bundle from torproject.org.

It was originally written for a Linux/UNIX environment. It should include some instructions for Windows and OS X users too. You should read the documentation at https://www.torproject.org first.

For wiki editors

Use only link identifiers which start with a letter or the underscore character (_) and don't use identifiers with spaces inside them. Things like that make the page invalid (X)HTML and nobody wants that. Feel free to edit this page --- it's a wiki, after all, driven by your contribution!

pending text for deletion

"If you're using anything that needs some exotic workarounds..., or your distribution doesn't use SysV (/etc/init.d/ startup scripts), for example, this guide currently won't help you a lot, since it is a bit bash and Debian specific." - (proper) I don't think the part after ... is valid anymore. Delete it?

"Since most programs use similar locations for various settings, the following examples will get you going most of the time."
"Note that this is a very brief document on how to make various programs use Tor as a proxy." - (proper) Delete it?

UPDATE for TBB (Tor Browser Bundle) users

The Tor Browser Bundle contains prepackaged versions of Tor, Vidalia and Firefox, tweaked for anonymous usage (patches, addons, etc.). Tor and Vidalia are the same as in the other packages. The difference is that once you close Firefox, Tor and Vidalia are closed too. If you don't want Tor/Vidalia to be closed when you close the Tor Browser, you can use a workaround such as an external minimize-to-tray application. The Tor Browser will then not be closed but will be out of your way, and you can continue to use Tor/Vidalia.

The TorifyHOWTO below assumes that Tor is running, which will not be the case once you have closed the Tor Browser (described above). If you know what you are doing (see "UPDATE and WARNING" above), there is no reason not to use Tor/Vidalia as described in the following TorifyHOWTO. Tor still offers a SocksPort on port 9050. No one stops you from using tools like torsocks/usewithtor pointing to the standard port 9050; no changes are needed, except that Firefox has to remain open (at least hidden or in the tray).

Alternatively, you could use a second Tor instance and let it listen on another port.

WARNING

Proxy and socks settings

Proxy and socks settings are mostly implemented by programmers to improve connectivity, not anonymity.

Many people think developers implemented the application's proxy settings with anonymity in mind. That is a big mistake. They did not. See the Bittorrent and Tor example.

Protocol leaks / application uses advanced techniques to determine your external IP

Many applications, such as Bittorrent clients and Skype, have been written to work around firewalls and blocking internet service providers. Regardless of whether you use "correct" proxy settings (socks4a) and/or external applications for torification, some applications will use advanced techniques to determine your external non-Tor IP. As said before, those applications were never made with anonymity in mind, but with evading firewalls.

Metadata

Metadata can be a risk. See MAT and read 'What is a metadata ?' and 'Why metadata can be a risk for your privacy ?'

Writing Style Analysis

When you post some things online using Tor and others while you are not on Tor, you are at risk, for example if you make the same mistakes in both.

Exit Nodes Eavesdropping

Read the section "Can't the third server see my traffic?" in the Tor FAQ. In short: every exit node can spy on your unencrypted exit traffic and, even worse, inject malicious code into the stream. Be aware of that.

Do not connect to any server anonymously and non-anonymously at the same time!

For example, do not connect this way to webservers, do not download this way and do not join IRC servers this way. If your internet connection breaks down, all your connections break at once, and it won't be hard for an adversary to guess what's up.

Do not mix Modes Of Anonymity!

Choose your Mode Of Anonymity. Do not mix them within the same Tor-Workstation and Tor online session. Because of possible identity correlation through circuit sharing, you risk de-anonymization.

Firefox with Tor, other browsers

In the past, the advice given was much shorter:

  • to use a separate Firefox profile
  • to deactivate java/javascript/plugins, delete cookies
  • avoid DNS leak

Nowadays far more is known and far more precautions are needed. If you're interested in how complex things have become, see The Design and Implementation of the Tor Browser [DRAFT].

The Tor Dev Team transformed Firefox into the Tor Browser, to help achieve better anonymity:

If you understand all of that, that's great; now you can torify it yourself. Otherwise, it is better not to try to torify Firefox or any other browser, such as Opera, yourself.

To use the Tor Browser Bundle without the bundled Tor/Vidalia on Linux:

./App/vidalia --datadir Data/Vidalia/

to

./App/Firefox/firefox -profile ./Data/profile

  • Right click on Tor Button -> preferences -> switch to 'Transparent Torification (Requires custom transproxy or Tor router)'.
  • If you use SocksPort instead of TransPort (recommended), select "use custom proxy settings" and leave everything above SOCKS Host blank. As SOCKS Host enter the IP of the Tor-Gateway (192.168.0.1); the port is the browser SocksPort as set in torrc (TorBOX uses 9100). Select SOCKSv5; you can leave "No Proxies for" as is.

https://check.torproject.org may tell you that a new update is available even if there isn't. That's because Tor Check doesn't support TorBOX. Manually check for updates every now and then!

Mail Clients

Do not use any e-mail clients if you are not absolutely sure what you are doing. Many points listed under Web-browser are also valid here. TorButton for Thunderbird is unfortunately just an idea and no one has started working on it. It's unknown which mail client is safe for Tor. In the meantime, stick to webmail through a web browser. Deactivate HTML and pictures in your webmail settings. Pure text mails are safer and stop web bugs. Prefer to encrypt your connection to your webmailer (either using SSL or a hidden service). It's also recommended to encrypt your mails end-to-end using GPG.

Torifying Mozilla Thunderbird is definitely harder than "just use socks4a"; the first thing likely to leak would be the Flash plugin. Many things mentioned in The Design and Implementation of the Tor Browser [DRAFT] also apply to Mozilla Thunderbird. Until there is an official Tor mail client, you unfortunately have to stick with webmail.

You do not have to believe the statements of any random wiki contributor. Do believe the official warnings from torproject.org.

Quote: "Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser Bundle. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with the Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor."

Bittorrent and Tor

Just google for Bittorrent and Tor. What you will find is ethical advice ("do not use Tor with Bittorrent as Tor isn't designed for that and can't handle the load") and technical advice:

  • use proxy settings to torify
  • use socks4a to prevent DNS leak

What's the problem with this?

  • no one cared to use a packet sniffer to see if it's working
  • the application does not honor the proxy settings
  • the protocol itself will leak your IP
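The first two problems can be checked at the socket level. The following is an added example, not part of the original wiki page: it audits the sockets of one process and flags everything that is not a TCP connection to the local SocksPort. The sample lines are constructed in the style of `ss -tunp` output, the process name btclient is hypothetical, and the peer addresses are documentation-range placeholders.

```python
import re

TOR_SOCKS = ("127.0.0.1", 9050)  # Tor's standard SocksPort, as named on this page

# Constructed sample in the style of `ss -tunp` output (not a real capture).
SAMPLE = """\
tcp ESTAB 0 0 127.0.0.1:40112 127.0.0.1:9050 users:(("btclient",pid=4242,fd=11))
tcp ESTAB 0 0 192.168.1.10:51514 203.0.113.7:6881 users:(("btclient",pid=4242,fd=12))
udp ESTAB 0 0 192.168.1.10:6881 198.51.100.23:6969 users:(("btclient",pid=4242,fd=13))
udp ESTAB 0 0 192.168.1.10:38211 192.168.1.1:53 users:(("btclient",pid=4242,fd=14))
tcp ESTAB 0 0 192.168.1.10:45000 192.0.2.50:9001 users:(("tor",pid=900,fd=9))
"""

LINE = re.compile(
    r'^(?P<proto>tcp|udp)\s+\S+\s+\d+\s+\d+\s+\S+\s+'
    r'(?P<ip>[\d.]+):(?P<port>\d+)\s+users:\(\("(?P<proc>[^"]+)"')

def audit(text, process):
    """Return [(kind, proto, peer)] for sockets of `process` that bypass Tor."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["proc"] != process:
            continue  # other processes (including tor itself) are out of scope
        peer = (m["ip"], int(m["port"]))
        if m["proto"] == "tcp" and peer == TOR_SOCKS:
            continue  # the only expected connection: to the local SocksPort
        if m["proto"] == "udp" and peer[1] == 53:
            kind = "dns-leak"      # name lookup sent outside Tor
        elif m["proto"] == "udp":
            kind = "udp-leak"      # Tor carries TCP only, so this UDP went out directly
        else:
            kind = "proxy-bypass"  # direct TCP: the proxy setting was not honored
        findings.append((kind, m["proto"], f"{peer[0]}:{peer[1]}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "btclient"):
        print(*finding)
```

A clean result here says nothing about the third problem: an address the client reports inside the tunnelled protocol never shows up as a separate socket.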

Tor inside Tor

When using a transparent proxy it is possible to start a Tor session from the client as well as from the transparent proxy, creating a "Tor over Tor" scenario. Doing so produces undefined and potentially unsafe behavior; see "MultiTor" for more information.

Skype

Skype usage is highly discouraged. It can be used for leak testing purposes as it's very good with firewall tunneling. Skype is closed source and users have no control over the encryption keys used. Skype can therefore decrypt and monitor communications arbitrarily. It is unwise to communicate in an unsafe manner over Tor. Skype also collects a large amount of personal data and reports back to a central server.
Source: Skype reads your BIOS.

Software updaters

Do not use automatic software updates over Tor that do not verify downloads. Operating system updates are generally secure. If you use Linux and only apt-get/yum you are fine. 3rd party applications on Windows are likely problematic. If the updates aren't signed/authenticated, malevolent exit nodes can change what code is downloaded and installed and thereby gain remote code execution.

If you don't use a generic system (such as Tails or TorBOX-Workstation) the software update can leak identifying fingerprints (what software and versions are installed) to exit nodes and repository mirrors.

Ubuntu software updates are vulnerable to "stale-proxy" attacks. The exit node or the exit node's ISP could prevent you from seeing new updates. To circumvent this, switch your identity after (trying) to update and check for updates again. (Source: see our Dev page under "encrypted update download")

SSH

'ssh some.host' will leak your unix username. If you do 'ssh theloginyouwant@…' it will not leak your username.

Terminology

  • torify; torification: The generic term. Done by proxification, socksification or transsocksification. Taking measures to ensure that an application which has not been designed for use with Tor (such as TorChat) will use only Tor for internet connections. Also ensuring that there are no leaks from DNS, UDP or the protocol.
  • proxify; proxification: Not exclusively a Tor term. Has two meanings. a) Use the proxy settings of the application and add a http or socks proxy. b) Use an external wrapper to force the application to use a http or socks proxy.
  • socksify; socksification: Not exclusively a Tor term. Has two meanings. a) Use the proxy settings of the application and add a socks proxy. b) Use an external wrapper to force the application to use a socks proxy.
  • transsocksify; transsocksification: Not exclusively a Tor term. Redirect an application or operating system transparently through a socks proxy using a gateway and/or packet filter. (example: Tor's transparent proxy; Squid)
  • Unauthenticated: You cannot be sure with whom you are exchanging data. A MITM (such as a Tor exit node or ISP) can redirect you to a malicious server. They can also inject malicious things into the traffic.
  • Unencrypted: A MITM (such as a Tor exit node or ISP) can see all the traffic in clear text.

Overview about different methods for Torification

There are three different methods to torify applications.

Security overall:

  • Leaks of your real IP address after you have been rooted are impossible only if your machine has no other option than sending its traffic out through Tor (Transparent Proxy [TorBOX]).
  • You always have to take care of protocol leaks yourself (leak of your time zone through CTCP/IRC; browser fingerprinting; Bittorrent leaks, see warning above; etc.).

classical / common way: use the application's proxy settings

Advantages:

  • Does not need third party software (wrapper).
  • Only a few proxy settings needed, sometimes a few more settings like 'use remote DNS' needed.

Disadvantages:

  • each application has to be checked and configured against DNS leaks
  • The application is not forced to honor the proxy settings. Some applications such as Skype and Bittorrent (see above) do not care what the proxy settings are and use direct connections anyway. Also once the application is infected it is not forced to honor the application settings anymore.
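What "checked against DNS leaks" means at the protocol level, as an added example that is not part of the original wiki page: the request an application sends to the SocksPort either carries a hostname (the proxy resolves it) or only an IP address (the application already resolved it itself). The sketch builds SOCKS4 and SOCKS4a requests and classifies them; it goes slightly beyond the text by also classifying SOCKS5 requests. Function names are hypothetical and the sample targets are placeholders.

```python
import socket
import struct

def build_socks4_connect(target, port, remote_dns):
    """SOCKS4a request if remote_dns (target is a hostname), else plain SOCKS4
    (target must already be an IPv4 address the application resolved itself)."""
    head = struct.pack("!BBH", 4, 1, port)  # VN=4, CD=1 (CONNECT), DSTPORT
    if remote_dns:
        # SOCKS4a: deliberately invalid DSTIP 0.0.0.1, empty USERID, then hostname.
        return head + b"\x00\x00\x00\x01" + b"\x00" + target.encode("ascii") + b"\x00"
    return head + socket.inet_aton(target) + b"\x00"

def classify_request(data):
    """Return (protocol, target, resolver) for one SOCKS CONNECT request.
    For SOCKS5 pass the request message, not the method-negotiation greeting."""
    if len(data) < 8:
        raise ValueError("truncated SOCKS request")
    if data[0] == 4:
        port = struct.unpack("!H", data[2:4])[0]
        ip = data[4:8]
        user_end = data.index(b"\x00", 8)  # end of USERID
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            host_end = data.index(b"\x00", user_end + 1)
            host = data[user_end + 1:host_end].decode("ascii")
            return ("socks4a", f"{host}:{port}", "proxy")
        # Only an IP reached the proxy: any name lookup happened outside Tor.
        return ("socks4", f"{socket.inet_ntoa(ip)}:{port}", "application")
    if data[0] == 5:
        atyp = data[3]  # 1 = IPv4 address, 3 = domain name
        if atyp == 3:
            n = data[4]
            host = data[5:5 + n].decode("ascii")
            port = struct.unpack("!H", data[5 + n:7 + n])[0]
            return ("socks5", f"{host}:{port}", "proxy")
        if atyp == 1:
            port = struct.unpack("!H", data[8:10])[0]
            return ("socks5", f"{socket.inet_ntoa(data[4:8])}:{port}", "application")
    raise ValueError("unsupported SOCKS request")

if __name__ == "__main__":
    print(classify_request(build_socks4_connect("example.com", 80, True)))
    print(classify_request(build_socks4_connect("203.0.113.7", 80, False)))
```

A result of "application" means the proxy saw only an IP address; if the user started from a hostname, the lookup was done by the application and did not go through Tor.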

not so common: use a wrapper: force the application to use a proxy (torsocks/usewithtor)

Advantages:

  • No proxy settings inside the application needed.
  • Nothing like 'use remote DNS' can be forgotten.

Disadvantages:

  • It's a redirector, not a jail. Applications may still decide to use fancy techniques to achieve direct connections. Also, once infected, an application can break out of the redirector.

even less common: use a transparent proxy

Security:

Advantages:

  • No proxy settings inside the application needed.
  • Nothing like 'use remote DNS' can be forgotten.

Disadvantages:

  • more complex and complicated
  • Identity correlation (all applications connect through the same Socks- and DnsPort)!

How to torify specific programs

The following pages have good explanations of how you can configure programs to use Tor. Please follow the links below.

  • SupportPrograms (general overview about support programs)
  • Web Browsers
  • E-mail
  • Instant Messaging
  • IRC
  • SILC
  • FTP
  • Under Misc you will find the following...
    • Unix and Linux Configuration (basic stuff)
    • Mac OS X Configuration (basic stuff)
    • APT
    • GnuPG
    • wget
    • SSH
    • Putty
    • vpnd
    • Subversion (SVN)
    • YUM
    • KsCD and KDE applications in general
    • XMMS - The X Multimedia System
    • nc (netcat)
    • Any TCP-based protocol

Remailing

doc/RemailingAndTor

Credits and Legal Notes

Credits and Legal Notes