TOR Overview

Tor is a tool used for anonymity on the internet. From the Tor home page:

Quote - Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security ...

Tor Home page

The Tor network has some limitations and is not known for speed.

Alternatives to Tor include a proxy server, such as Privoxy, or a proxy service.

Proxy servers

Although you can use Tor without a proxy server, the Tor project suggests using a proxy to improve performance:

Tor FAQ : Why do we need Polipo or Privoxy with Tor? Which is better?

You may also find these discussions on the Tor mailing list archives of interest:

Tor mailing list (discussion 1)
Tor mailing list (discussion 2)

Polipo is advised by Tor and is the default proxy used by the Firefox extension Torbutton (see below).

Personally I do not notice a performance difference between polipo and (properly configured) privoxy, although I find TOR is faster with either proxy.

I would also like to point out, you can configure your proxy according to the TOR documentation, although I personally prefer a few customizations to the default TOR settings and will point them out along the way.

socks4 vs socks5 & DNS leak

One area of departure is the use of socks5, which can reduce privacy via DNS leaks. With socks5, you may see the following warning in the logs:

polipo logs:

[warn] Your application (using socks5 to port 80) is giving TOR only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or scat) instead. For more information, please see http://wiki.noreply.org/noreply/TheOnionRouter/TORFAQ#SOCKSAndDNS.

The link is outdated/broken, see This link

Vidalia logs:

socks warning - Vidalia

If you receive this warning, either:

  1. Use socks4a with polipo and privoxy (rather than the default socks5).
  2. Configure Firefox to use remote DNS resolution.

Because of this potential problem I used socks-4a in this tutorial.

To configure Firefox to use remote DNS resolution, type about:config in the URL bar and type 'socks' in the filter bar. Change network.proxy.socks_remote_dns to true.

network.proxy.socks_remote_dns true
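
The warning above is triggered by the address field of the SOCKS request. The following added example (not from the original tutorial or the Tor project) builds SOCKS4a and SOCKS5 CONNECT requests and classifies each by whether the client passed a hostname or an already-resolved IP address. The function names and the sample address 192.0.2.10 are constructed for illustration.

```python
import ipaddress
import struct

def build_socks4a(host, port):
    # SOCKS4a: DSTIP 0.0.0.x (x != 0) means "hostname follows the user id".
    head = struct.pack(">BBH4s", 4, 1, port, b"\x00\x00\x00\x01")
    return head + b"\x00" + host.encode() + b"\x00"

def build_socks5(target, port, remote_dns):
    # remote_dns=False models a client that resolved the name itself
    # (Firefox with network.proxy.socks_remote_dns = false).
    if remote_dns:
        name = target.encode()
        addr = b"\x03" + bytes([len(name)]) + name             # ATYP 3: domain
    else:
        addr = b"\x01" + ipaddress.IPv4Address(target).packed  # ATYP 1: IPv4
    return b"\x05\x01\x00" + addr + struct.pack(">H", port)

def classify(request):
    """Return (protocol, host, port, client_resolved_dns) for a CONNECT request."""
    version = request[0]
    if version == 4:
        port, ip = struct.unpack(">H4s", request[2:8])
        _userid, _, tail = request[8:].partition(b"\x00")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            host = tail.split(b"\x00", 1)[0].decode()
            return ("socks4a", host, port, False)
        return ("socks4", str(ipaddress.IPv4Address(ip)), port, True)
    if version == 5:
        atyp = request[3]
        if atyp == 3:
            end = 5 + request[4]
            host, resolved = request[5:end].decode(), False
        elif atyp in (1, 4):
            end = 4 + (4 if atyp == 1 else 16)
            host, resolved = str(ipaddress.ip_address(request[4:end])), True
        else:
            raise ValueError("unknown SOCKS5 address type")
        (port,) = struct.unpack(">H", request[end:end + 2])
        return ("socks5", host, port, resolved)
    raise ValueError("not a SOCKS4/5 request")

# Constructed sample requests (192.0.2.10 is a documentation address).
SAMPLES = {
    "socks4a hostname": build_socks4a("example.com", 80),
    "socks5 remote DNS": build_socks5("example.com", 80, remote_dns=True),
    "socks5 local DNS": build_socks5("192.0.2.10", 80, remote_dns=False),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        proto, host, port, leaked = classify(raw)
        print(f"{label:18} {proto:7} {host}:{port} client_resolved_dns={leaked}")
```

Only the last sample, where the request carries a bare IP address, corresponds to the "giving TOR only an IP address" condition in the log message.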

Polipo

TOR now uses polipo by default. The advantages of Polipo are:

The disadvantage of polipo, IMO, is the lack of adblocking. You can add adblock to polipo.

Privoxy

Privoxy is an alternate proxy and offers additional features including adblocking.

The advantages of privoxy include built-in adblock. In addition, privoxy offers a finer grain of control and customization.

The main disadvantage of privoxy is that it may break some sites and require manual configuration to fix.

A note on the default ports (and Tor and Torbutton configuration):

By default, polipo normally uses port 8123. Both Tor and Torbutton change the port to 8118. Using port 8118 conflicts with privoxy (causing errors if both polipo and privoxy are installed).

If you install both proxies, I would suggest you use port 8123 for polipo and 8118 for privoxy.

Web interface

Both proxies can be configured via a web interface. By default, the Tor configuration disables the web interface, so you will need to edit the configuration files to enable this feature. If you enable the web interface, allow access only from localhost or secure it with a firewall.

Privoxy - privoxy web interface

Polipo - polipo web interface

Or if you use the config file from TOR - polipo web interface - Tor config file

Torbutton (Firefox Add on)

The Torbutton is a Firefox add-on that, in addition to toggling use of Tor on and off, adds a number of privacy features.

By default torbutton uses polipo on port 8118.

You can either configure polipo to use port 8118 (configured by default if you use the polipo configuration file from the Tor website) or configure the torbutton to use polipo on port 8123 (default port for polipo) or privoxy on port 8118 (default port for privoxy).

If you use the Torbutton, be aware that it blacklists ports 8118, 8123, 9050 and 9051 on localhost, therefore blocking access to the web interface for both polipo and privoxy.

If you plan to use Torbutton I highly suggest you use polipo on port 8118 (default settings for Tor). You may, of course, use privoxy with Torbutton or use port 8123 with polipo, but if you do so you will need to manually enter the appropriate information into the Torbutton configuration.

Portable Tor (Tor Browser Bundle)

TOR is available as the Tor Browser Bundle and has a number of advantages.

The major disadvantage of the tor browser bundle is that the version of Firefox that is included is a bit outdated.

If you are new to TOR, the browser bundle may be a great place to start.

Installing Tor

I will cover installation of Tor on Debian/Ubuntu and Fedora.

Installation on Debian/Ubuntu

These instructions are adapted from the official Tor documentation : Tor on Debian lenny, Debian sid, or Debian testing .

Using any method, edit your repositories and add the Tor repository :

deb http://deb.torproject.org/torproject.org lucid main

Ubuntu - Make sure Universe and Multiverse Repositories are enabled.

Add the Tor GPG key :

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Install Tor and polipo

sudo apt-get update
sudo apt-get install tor tor-geoipdb vidalia polipo

Or, if you prefer, use privoxy :

sudo apt-get install tor tor-geoipdb vidalia privoxy

If you want AppArmor profiles for tor/polipo/privoxy, see my apparmor repository.

Installing Tor on Fedora

Installing Tor on Fedora is a bit easier as Tor is in the Fedora repositories.

Tor + polipo:

yum install tor vidalia polipo

Tor + privoxy:

yum install tor vidalia privoxy

Install the Firefox extension Torbutton.

Configure polipo

Skip this section if you are using Privoxy.

This section is adapted from the Tor documentation.

Tor supplies a configuration file for polipo here. This configuration is well commented and IMO is worth reading.

You can download and copy that file to /etc/polipo/config:

sudo mv /etc/polipo/config /etc/polipo/config.orig
sudo wget https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf \
-O /etc/polipo/config

If you are using Fedora, add the following lines at the top of the polipo configuration file supplied by Tor:

### Configuration from Fedora RPM
### *****************************
daemonise = true
pidFile = /var/run/polipo/polipo.pid

I prefer a few customizations, including using socks4a (See this discussion), adblock, and a few customizations. Here is my configuration file (without comments).

proxyAddress = "127.0.0.1"
proxyPort = 8123
allowedClients = 127.0.0.1
allowedPorts = 1-65535
proxyName = "localhost"
disableLocalInterface = true
disableConfiguration = true
dnsUseGethostbyname = yes
disableVia = true
censoredHeaders = from,accept-language,x-pad,link
censorReferer = maybe
maxConnectionAge = 5m
maxConnectionRequests = 120
serverMaxSlots = 8
serverSlots = 2
tunnelAllowedPorts = 1-65535
chunkHighMark = 67108864

localDocumentRoot = ""

#use socks4a for TOR
socksParentProxy = "localhost:9050"
socksProxyType = socks4a

# Alternately use socks5
# See : here
# socksProxyType = socks5

Restart polipo.

sudo service polipo restart
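
A quick way to confirm that a polipo config still binds to localhost and forwards to Tor over socks4a is to check it mechanically. This is an added example, not part of the original tutorial or of polipo: a small checker for the settings discussed above, run against a constructed, deliberately loosened config (the function names and the WEAK sample are assumptions).

```python
import ipaddress

def parse_polipo(text):
    """Parse 'name = value' lines; return (settings, names set more than once)."""
    settings, repeated = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        if "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name in settings:
            repeated.append(name)
        settings[name] = value.strip('"')          # this parser keeps the last value
    return settings, repeated

def is_loopback(host):
    host = host.strip()
    if host == "localhost":
        return True
    try:
        # ip_network also accepts CIDR entries such as those in allowedClients
        return ipaddress.ip_network(host, strict=False).is_loopback
    except ValueError:
        return False

def audit(text):
    """Return findings where the config departs from this tutorial's settings."""
    cfg, repeated = parse_polipo(text)
    findings = [f"{name} is set more than once" for name in repeated]
    if not is_loopback(cfg.get("proxyAddress", "")):
        findings.append("proxyAddress is not a loopback address")
    clients = cfg.get("allowedClients", "").split(",")
    if not all(is_loopback(c) for c in clients):
        findings.append("allowedClients admits non-local clients")
    host, _, port = cfg.get("socksParentProxy", "").rpartition(":")
    if not (is_loopback(host) and port == "9050"):
        findings.append("socksParentProxy is not Tor on localhost:9050")
    if cfg.get("socksProxyType") != "socks4a":
        findings.append("socksProxyType is not socks4a")
    return findings

# Constructed sample: a loosened variant of the configuration above.
WEAK = '''
proxyAddress = "0.0.0.0"
allowedClients = 127.0.0.1, 192.168.1.0/24
disableConfiguration = true
disableConfiguration = true
socksParentProxy = "localhost:9050"
socksProxyType = socks5
'''
```

Calling audit() on the contents of /etc/polipo/config returns an empty list when all four settings match the tutorial's values.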

Skip to Configure your system to use Tor if you do not wish to add adblock to polipo.

Adblock for polipo

This section is optional and is adapted from this blog. Adding adblock to polipo may help speed up Tor (no need to download unwanted content) and may be easier in a multiuser / multibrowser environment than configuring adblock per user or per browser.

This technique converts the list used by the Firefox extension Adblock Plus.

Obtain the conversion script.

sudo wget http://sites.google.com/site/monkeesage/files/adblock2polipo.py -O /usr/local/bin/adblock2polipo.py

Make it executable.

sudo chmod a+x /usr/local/bin/adblock2polipo.py

Download the most recent adblock list (EasyList).

wget --no-check-certificate http://easylist.adblockplus.org/easylist.txt

Update your "forbidden" list.

sudo cp /etc/polipo/forbidden /etc/polipo/forbidden.orig
sudo bash -c "/usr/local/bin/adblock2polipo.py easylist.txt >> /etc/polipo/forbidden"

Fix a syntax error.

sudo sed -i -e 's_+adverts_//+adverts_g' /etc/polipo/forbidden

Add a 1x1 blank gif to blocked ads.

Using any editor, open /etc/polipo/config and edit this line:

localDocumentRoot = ""

to read:

localDocumentRoot = "/usr/share/polipo/www"

Add a line at the bottom of the file:

forbiddenUrl = http://127.0.0.1:8118/empty.gif

Download an empty gif

sudo wget -O /usr/share/polipo/www/empty.gif \
http://upload.wikimedia.org/wikipedia/commons/4/4b/Empty.gif

Restart polipo:

Skip to Configure your system to use Tor

Privoxy

Skip this section if you are using polipo.

I prefer privoxy due to built in adblock features.

For a sample privoxy configuration file see Tor privoxy configuration

Warning: I advise you use socks4a rather than socks5 (see this discussion for details).

Privoxy is easy to configure. Basically, using any editor open /etc/privoxy/config and edit two lines. The configuration file is well commented and I suggest you read through it to understand the features and privacy issues.

Scroll down to the forwarding section and use the following changes:

# Set the listen address to 127.0.0.1:8118
listen-address 127.0.0.1:8118

# forward privoxy to TOR
forward-socks4a / 127.0.0.1:9050 .

# forward-socks5 / 127.0.0.1:9050 .

#keep-alive-timeout 300
keep-alive-timeout 600

#default-server-timeout 60
default-server-timeout 600

#socket-timeout 300
socket-timeout 600

Restart privoxy.

sudo service privoxy restart

Optimize Firefox for Privoxy

You can tune your settings in Firefox in about:config.

network.http.keep-alive true
network.http.keep-alive.timeout 600
network.http.max-connections 30
network.http.max-connections-per-server 15
network.http.max-persistent-connections-per-proxy 16
network.http.max-persistent-connections-per-server 6
network.http.pipelining true
network.http.pipelining.maxrequests 8
network.http.pipelining.ssl true
network.http.proxy.keep-alive true
network.http.proxy.pipelining true

# If you are using socks5 you need to change this value to true
network.proxy.socks_remote_dns true

Reference : Hacking Firefox for Maximum Performance with Tor

Tor without a proxy

You can use Tor without a proxy. Simply configure your browser to use Tor directly: SOCKS5 host localhost, port 9050.

In personal speed testing, Tor alone performs fairly well, but it is faster with either privoxy or polipo. I did not notice a significant difference in speed between privoxy or polipo, YMMV.

Note: Despite the discussion on the TOR mailing list, the polipo disk cache is disabled by the default TOR polipo config file. Enabling the cache did not seem to make a huge difference in speed, and "privacy" is lost to some extent (web sites are stored in the cache).

Configure your system to use Tor

You may use any number of methods to configure your system to use Tor.

We will be using the same settings for all configuration methods.

Set a system wide proxy

One option is to set a system wide proxy. This can be done graphically :

Gnome System —>Preferences —> Network Proxy

KDE Computer —> System Settings —> Network Settings —> Proxy tab (On the Left panel)

In the dialog menu set your proxy to "127.0.0.1" and the port as above.

You still need to then configure each of your browsers to use the system proxy.

Configure your browser

Each browser has a slightly different method to set a proxy.

If you use Chrome or Chromium it is easiest, IMO, to use Proxy Switchy!

Konqueror uses the KDE system settings (as above).

For Firefox go under Preferences, Advanced tab (at the top left), Network tab (under the top menu), Click the "Settings" button.

Use Torbutton

Torbutton is a Firefox extension that is used to toggle the use of Tor on and off and that adds additional privacy features.

Configure TOR with Vidalia (Graphical Tool)

Vidalia is a graphical configuration tool for use with TOR. From the TOR site -


Vidalia lets you start and stop Tor, see how much bandwidth you are consuming, see how many circuits you currently have active, see where these circuits are connected on a global map, view messages from Tor about its progress and current state, and let you configure your Tor client, bridge, or relay with a simple interface. Included in Vidalia is an extensive help system which helps you understand all of the options available to you. All of these features are translated into a large number of languages.

Using iptables

If you are an iptables wizard, you can add a few "simple" rules to iptables to redirect outbound traffic to TOR.

For Example:

sudo iptables -t nat -A OUTPUT -m owner --uid-owner root -j ACCEPT
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner tor -j REDIRECT --to-port 8123

This iptables redirect will not work with https traffic.