Table of Contents
- TOR Overview
- Proxy servers
- Torbutton (Firefox Add on)
- Portable Tor (Tor Browser Bundle)
- Installing Tor
- Configure Polipo
- Configure Privoxy
- Tor without a proxy
- Configure your system to use Tor
Tor is a tool used for anonymity on the internet. From the Tor home page:
Quote - Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security ...
The Tor network has some limitations and is not known for speed.
Alternatives to Tor include using a proxy server, such as Privoxy, or a proxy service.
Although you can use Tor without a proxy server, the Tor project suggests using a proxy to improve performance:
You may also find these discussions on the Tor mailing list archives of interest:
Polipo is advised by Tor and is the default proxy used by the Firefox extension Torbutton (see below).
Personally I do not notice a performance difference between polipo and (properly configured) privoxy, although I find TOR is faster with either proxy.
I would also like to point out, you can configure your proxy according to the TOR documentation, although I personally prefer a few customizations to the default TOR settings and will point them out along the way.
One area of departure is the use of socks5, which can reduce privacy via DNS leaks. With socks5, you may see the following warning in the logs:
[warn] Your application (using socks5 to port 80) is giving TOR only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see http://wiki.noreply.org/noreply/TheOnionRouter/TORFAQ#SOCKSAndDNS.
The link is outdated/broken, see This link
If you receive this warning, either:
- Use socks4a with polipo and privoxy (rather than the default socks5).
- Configure Firefox to use remote DNS resolution.
Because of this potential problem I used socks-4a in this tutorial.
To configure Firefox to use remote DNS resolution, type about:config in the URL bar and type 'socks' in the filter bar. Change network.proxy.socks_remote_dns to true.
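The difference the warning describes is visible in the bytes of the SOCKS request itself. The following is an added example, not part of the original tutorial: it builds the CONNECT request for each SOCKS variant and flags those that hand the proxy only an IP address, which is the condition Tor warns about. The hostname, the address and the function names are constructed for illustration.

```python
import ipaddress
import struct

def socks4_request(ip, port):
    # SOCKS4: VER=4 CMD=1 (CONNECT) DSTPORT DSTIP USERID (empty) NUL
    return struct.pack(">BBH", 4, 1, port) + ipaddress.IPv4Address(ip).packed + b"\x00"

def socks4a_request(hostname, port):
    # SOCKS4a: DSTIP is the invalid address 0.0.0.1 and the hostname follows
    # the USERID terminator, so the proxy (Tor) performs the lookup.
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01" + b"\x00"
            + hostname.encode("ascii") + b"\x00")

def socks5_request(dest, port, remote_dns):
    # SOCKS5: VER=5 CMD=1 RSV=0 ATYP ADDR PORT. ATYP 3 = hostname, ATYP 1 = IPv4.
    if remote_dns:
        name = dest.encode("ascii")
        addr = b"\x03" + bytes([len(name)]) + name
    else:
        addr = b"\x01" + ipaddress.IPv4Address(dest).packed
    return b"\x05\x01\x00" + addr + struct.pack(">H", port)

def gives_proxy_only_an_ip(request):
    """True when the request carries an IP literal instead of a hostname,
    meaning any name lookup already happened outside the proxy."""
    version = request[0]
    if version == 4:
        ip = request[4:8]
        is_4a = ip[:3] == b"\x00\x00\x00" and ip[3] != 0
        return not is_4a
    if version == 5:
        atyp = request[3]
        if atyp not in (0x01, 0x03, 0x04):
            raise ValueError("unknown SOCKS5 address type")
        return atyp != 0x03
    raise ValueError("not a SOCKS4/SOCKS5 request")

# Constructed sample: example.com and the documentation address 192.0.2.10.
SAMPLES = {
    "socks4":              socks4_request("192.0.2.10", 80),
    "socks4a":             socks4a_request("example.com", 80),
    "socks5 (local DNS)":  socks5_request("192.0.2.10", 80, remote_dns=False),
    "socks5 (remote DNS)": socks5_request("example.com", 80, remote_dns=True),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:20} only IP sent to proxy: {gives_proxy_only_an_ip(req)}")
```

A request that carries an IP literal is not proof of a leak (the user may have typed an address), which is why Tor words its message as a warning.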
TOR now uses polipo by default. The advantages of Polipo are:
- Polipo is the default for Tor and Torbutton so using polipo will minimize editing of configuration files.
- Improve speed with cached pages. Privacy may be compromised (due to the storage of web pages in the local cache). The default Tor polipo configuration disables the cache.
The disadvantage of polipo, IMO, is the lack of adblocking. You can add adblock to polipo.
Privoxy is an alternate proxy and offers additional features including adblocking.
The advantages of privoxy include built-in adblock. In addition, privoxy offers a finer grain of control and customization.
The main disadvantage of privoxy is that it may break some sites and require manual configuration to fix.
A note on the default ports (and Tor and Torbutton configuration):
By default, polipo normally uses port 8123. Both Tor and Torbutton change the port to 8118. Using port 8118 conflicts with privoxy (causing errors if both polipo and privoxy are installed).
If you install both proxies, I would suggest you use port 8123 for polipo and 8118 for privoxy.
Both proxies can be configured via a web interface. By default, the Tor configuration disables the web interface, so you will need to edit the configuration files to enable this feature. If you enable the web interface, allow access only from localhost or secure it with a firewall.
Privoxy - privoxy web interface
Polipo - polipo web interface
Or if you use the config file from TOR - polipo web interface - Tor config file
Torbutton is a Firefox add-on that, in addition to toggling the use of Tor on and off, adds a number of privacy features.
By default torbutton uses polipo on port 8118.
You can either configure polipo to use port 8118 (configured by default if you use the polipo configuration file from the Tor website) or configure the torbutton to use polipo on port 8123 (default port for polipo) or privoxy on port 8118 (default port for privoxy).
If you use the Torbutton, be aware that it blacklists ports 8118, 8123, 9050 and 9051 on localhost, which blocks access to the web interface for both polipo and privoxy.
If you plan to use Torbutton I highly suggest you use polipo on port 8118 (default settings for Tor). You may, of course, use privoxy with Torbutton or use port 8123 with polipo, but if you do so you will need to manually enter the appropriate information into the Torbutton configuration.
TOR is available as the Tor Browser Bundle and has a number of advantages.
- The browser bundle includes TOR, Vidalia, Polipo, and Firefox (Pidgin is also available)
- Everything is pre-configured and runs "out of the box"
- Available cross-platform (Windows, OSX, and Linux)
- No installation is required, just extract the archive
- Will run from a portable device such as a flash drive or usb
The major disadvantage of the tor browser bundle is that the version of Firefox that is included is a bit outdated.
If you are new to TOR, the browser bundle may be a great place to start.
I will cover installation of Tor on Debian/Ubuntu and Fedora.
These instructions are adapted from the official Tor documentation: Tor on Debian lenny, Debian sid, or Debian testing.
Using any method, edit your repositories and add the Tor repository:
deb http://deb.torproject.org/torproject.org lucid main
Ubuntu - Make sure Universe and Multiverse Repositories are enabled.
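Add the Tor GPG key:
# Request the key by its full fingerprint; short IDs such as 886DDD89 can collide
gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89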
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
Install Tor and polipo
sudo apt-get update
sudo apt-get install tor tor-geoipdb vidalia polipo
Or, if you prefer, use privoxy:
sudo apt-get install tor tor-geoipdb vidalia privoxy
If you want apparmor profiles for tor/polipo/privoxy, see my apparmor repository.
Installing Tor on Fedora is a bit easier as Tor is in the Fedora repositories.
Tor + polipo:
yum install tor vidalia polipo
Tor + privoxy:
yum install tor vidalia privoxy
Install the Firefox extension Torbutton.
Skip this section if you are using Privoxy.
This section is adapted from the Tor documentation.
Tor supplies a configuration file for polipo here. This configuration is well commented and IMO is worth reading.
You can download and copy that file to /etc/polipo/config:
sudo mv /etc/polipo/config /etc/polipo/config.orig
sudo wget https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf \
-O /etc/polipo/config
If you are using Fedora, add the following lines at the top of the Tor-supplied polipo configuration file:
### Configuration from Fedora RPM
daemonise = true
pidFile = /var/run/polipo/polipo.pid
I prefer a few customizations, including socks4a (see this discussion) and adblock. Here is my configuration file (without comments).
proxyAddress = "127.0.0.1"
proxyPort = 8123
allowedClients = 127.0.0.1
allowedPorts = 1-65535
proxyName = "localhost"
disableLocalInterface = true
disableConfiguration = true
dnsUseGethostbyname = yes
disableVia = true
censoredHeaders = from,accept-language,x-pad,link
censorReferer = maybe
maxConnectionAge = 5m
maxConnectionRequests = 120
serverMaxSlots = 8
serverSlots = 2
tunnelAllowedPorts = 1-65535
chunkHighMark = 67108864
localDocumentRoot = ""
# use socks4a for TOR
socksParentProxy = "localhost:9050"
socksProxyType = socks4a
# Alternately use socks5
# See : here
# socksProxyType = socks5
sudo service polipo restart
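As an added example (not part of the original tutorial or of polipo itself), the following script checks a polipo configuration for the settings this page relies on: forwarding to Tor on port 9050 via socks4a, listening and accepting clients on loopback only, and a disabled web interface. The function names and the two sample configurations are constructed for illustration.

```python
import ipaddress

def parse_polipo_config(text):
    """Parse polipo 'key = value' lines; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def is_loopback(entry):
    try:
        return entry == "localhost" or ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:
        return False                                   # unparseable: treat as non-local

def audit(text):
    """Return a list of findings for the settings discussed in this tutorial."""
    cfg, findings = parse_polipo_config(text), []
    if cfg.get("socksParentProxy") not in ("localhost:9050", "127.0.0.1:9050"):
        findings.append("socksParentProxy does not point at Tor's SOCKS port 9050")
    if cfg.get("socksProxyType") != "socks4a":
        findings.append("socksProxyType is not socks4a (possible DNS leak)")
    if "proxyAddress" in cfg and not is_loopback(cfg["proxyAddress"]):
        findings.append("proxyAddress is not a loopback address")
    for client in filter(None, (c.strip() for c in cfg.get("allowedClients", "").split(","))):
        if not is_loopback(client):
            findings.append(f"allowedClients admits non-local client {client}")
    if cfg.get("disableLocalInterface") not in ("true", "yes"):
        findings.append("disableLocalInterface is not true (web interface may be reachable)")
    return findings

# Constructed samples: the first mirrors the configuration above, the second is weakened.
PAGE_CONFIG = '''
proxyAddress = "127.0.0.1"
allowedClients = 127.0.0.1
disableLocalInterface = true
socksParentProxy = "localhost:9050"
socksProxyType = socks4a
# socksProxyType = socks5
'''
WEAK_CONFIG = '''
proxyAddress = "0.0.0.0"
allowedClients = 127.0.0.1, 192.168.1.0/24
socksParentProxy = "localhost:9050"
socksProxyType = socks5
'''
```

Calling `audit(open("/etc/polipo/config").read())` runs the same checks against the installed file.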
Skip to Configure your system to use Tor if you do not wish to add adblock to polipo.
This section is optional and is adapted from this blog. Adding adblock to polipo may help speed up Tor (no need to download unwanted content) and may be easier in a multiuser / multibrowser environment than configuring adblock per user or per browser.
This technique converts the list used by the Firefox extension Adblock Plus
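Obtain the conversion script. It is fetched over plain HTTP and is run as root in a later step, so read it before making it executable.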
sudo wget http://sites.google.com/site/monkeesage/files/adblock2polipo.py -O /usr/local/bin/adblock2polipo.py
Make it executable.
sudo chmod a+x /usr/local/bin/adblock2polipo.py
Download the most recent adblock list (Easylist).
wget http://easylist.adblockplus.org/easylist.txt
Update your "forbidden" list.
sudo cp /etc/polipo/forbidden /etc/polipo/forbidden.orig
sudo bash -c "/usr/local/bin/adblock2polipo.py easylist.txt >> /etc/polipo/forbidden"
Fix a syntax error.
sudo sed -i -e 's_+adverts_//+adverts_g' /etc/polipo/forbidden
Add a 1x1 blank gif to blocked ads.
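Using any editor, open /etc/polipo/config and change this line:
localDocumentRoot = ""
to:
localDocumentRoot = "/usr/share/polipo/www"
Add a line at the bottom of the file (the port must match the port polipo listens on: 8118 with the Tor configuration, 8123 with the configuration above):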
forbiddenUrl = http://127.0.0.1:8118/empty.gif
Download an empty gif
sudo wget -O /usr/share/polipo/www/empty.gif \
Skip to Configure your system to use Tor
Skip this section if you are using polipo
I prefer privoxy due to its built-in adblock features.
For a sample privoxy configuration file see Tor privoxy configuration
Warning: I advise you to use socks4a rather than socks5 (see this discussion for details).
Privoxy is easy to configure. Basically, using any editor open /etc/privoxy/config and edit two lines. The configuration file is well commented and I suggest you read through it to understand the features and privacy issues.
Scroll down to the forwarding section and use the following changes:
# Set the listen address to 127.0.0.1:8118
listen-address 127.0.0.1:8118
# forward privoxy to TOR
forward-socks4a / 127.0.0.1:9050 .
# forward-socks5 / 127.0.0.1:9050 .
sudo service privoxy restart
Optimize Firefox for Privoxy
You can tune your settings in Firefox in about:config.
# If you are using socks5 you need to change this value to true
You can use Tor without a proxy. Simply configure your browser to use Tor directly: SOCKS5 host localhost, port 9050.
In personal speed testing, Tor alone performs fairly well, but it is faster with either privoxy or polipo. I did not notice a significant difference in speed between privoxy or polipo, YMMV.
Note: Despite the discussion on the TOR mailing list, the polipo disk cache is disabled by the default TOR polipo config file. Enabling the cache did not seem to make a huge difference in speed, and "privacy" is lost to some extent (web sites are stored in the cache).
You may use any number of methods to configure your system to use Tor.
- System (proxy) settings. This requires root access and browsers will need to be configured to use the system proxy.
- Browser settings.
- Extensions (Torbutton). Torbutton offers flexibility and increased privacy settings.
- Iptables. This also requires root privileges and will affect all users and all browsers.
We will be using the same settings for all configuration methods:
- Proxy = "127.0.0.1"
- Polipo - Port 8123 (default) or 8118 (Tor configuration default).
- Privoxy - Port 8118
- Tor (no proxy) Socks4a Port 9050
One option is to set a system-wide proxy. This can be done graphically:
Gnome: System -> Preferences -> Network Proxy
KDE: Computer -> System Settings -> Network Settings -> Proxy tab (on the left panel)
In the dialog, set your proxy to "127.0.0.1" and the port as above.
You still need to configure each of your browsers to use the system proxy.
Each browser has a slightly different method to set a proxy.
If you use Chrome or Chromium it is easiest, IMO, to use Proxy Switchy!
Konqueror uses the KDE system settings (as above).
For Firefox go under Preferences, Advanced tab (at the top left), Network tab (under the top menu), Click the "Settings" button.
Torbutton is a Firefox extension that is used to toggle the use of Tor on and off and that adds additional privacy features.
Vidalia is a graphical configuration tool for use with TOR. From the TOR site -
Vidalia lets you start and stop Tor, see how much bandwidth you are consuming, see how many circuits you currently have active, see where these circuits are connected on a global map, view messages from Tor about its progress and current state, and let you configure your Tor client, bridge, or relay with a simple interface. Included in Vidalia is an extensive help system which helps you understand all of the options available to you. All of these features are translated into a large number of languages.
If you are an iptables wizard, you can add a few "simple" rules to iptables to redirect outbound traffic to TOR.
sudo iptables -t nat -A OUTPUT -m owner --uid-owner root -j ACCEPT
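sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner tor -j REDIRECT --to-port 8123
This iptables redirect will not work with https traffic. The rule only matches TCP port 80, so HTTPS and anything else on other ports is not redirected and does not go through Tor.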