Outdated documentation

This page is out of date. Please use the main navigation to find the latest documentation.

Tor

This document gives some information about using Tor on gNewSense operating system. This is a parkes specific version of this document, but it should be easy to use Tor on different gNewSense versions.

Requirements

In order to use Tor on your gNewSense system, a few additional packages are needed. Everything is available in parkes repository, so there's no need to compile anything. The required packages are:

Installation

Instalation of the whole tor suite with required packages is as simple as typing one command using superuser privileges (root account or sudo program):

apt-get install polipo proxychains tor

Initial configuration

Before you start using the service, few minor modifications to configuration files are needed.

Polipo

Polipo will be used as an HTTP/HTTPS proxy server for web browsers. It is needed to set listening port and force use of SOCKS5 service provided by tor. These settings are located in the /etc/polipo/config file and the lines that should be added to it are as follows:

### Set listening port to 8118 (used by torbutton extension for Iceweasel/Icecat)
proxyPort=8118

# Uncomment this if you want to use a parent SOCKS proxy:
socksParentProxy = "127.0.0.1:9050"
socksProxyType = socks5

ProxyChains

The ProxyChains software will be used to force various programs to use proxy server provided by the Tor service. It intercepts TCP calls, so it's useful only for TCP programs. Configuration of ProxyChains is stored in the /etc/proxychains.conf file and for our case it should contain at least these lines:

strict_chain
proxy_dns 

tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks5 127.0.0.1 9050

Tor

Default Tor settings (stored in the /etc/tor/torrc) should be sufficient for typical user, but one can consider tuning a few parameters.

Using various programs with Tor

There are many ways to use Tor in real world appliances. Discussing them all is beyond the scope of this document, so we suggest reading Tor wiki, which contain lots of useful resources. Therefore only two methods will be described there:

GNOME desktop environment

One should configure proxy settings in GNOME, so all GNOME applications that honor these settings will connect via polipo or Tor's SOCKS5 proxy. This can be done from GNOME's “System” menu: System→Preferences→Network Proxy. Properly configured GNOME system should look like on the screenshot below.

gnome_proxy.png

Parameters set in GNOME should then be set in all instances of bash running within GNOME terminal. One can verify this in a terminal session typing:

set | grep "proxy\|proxy"

The output of above command should be something like this:

ALL_PROXY=socks://127.0.0.1:9050/
HTTPS_PROXY=https://127.0.0.1:8118/
HTTP_PROXY=http://127.0.0.1:8118/
NO_PROXY=localhost,127.0.0.0/8,192.168.1.0/24
all_proxy=socks://127.0.0.1:9050/
http_proxy=http://127.0.0.1:8118/
https_proxy=https://127.0.0.1:8118/
no_proxy=localhost,127.0.0.0/8,192.168.1.0/24

Web browsers

Epiphany web browser

Default web browser for GNOME - Epiphany - can leak information via DNS queries even while using proxies set by GNOME. Therefore one should use wrapper program such as usewithtor to prevent information leaks and improve own privacy while browsing the web. The easiest way of doing it is to modify a shortcut used for statring epiphany (for example the one on the GNOME panel) by right clicking on the icon and selecting “Properties”. Then adding “usewithtor” in the “Command” field (just like on the screen below) should do the thing.

epiphany_launch.png

Note: always make sure that epiphany is running via usewithtor wrapper. Otherwise it will probably leak some information about your browsing habbits.

Iceweasel web browser

There exist special extension for Iceweasel browser called torbutton. It can be installed from parkes repository in a typical way:

apt-get install iceweasel xul-ext-torbutton

This is the easiest and the most secure way of using Tor for web browsing on parkes.

E-mail clients

Evolution mail client

Evolution mail client supports use of HTTP/HTTPS proxy server, but for other connections (such as SMTP or POP3) it won't use any proxy service. Therefore one has to use a wrapper for such situation. The wrapper program that is known to work with evolution is proxychains. To force Evolution to use Tor routers for SMTP,POP3 and other protocols, one should start it via proxychains command. Similar to Epiphany case, the easiest way of setting it up is to modify a launcher (the one on GNOME panel). Properly set launcher should look like on the screen below.

evolution_launch.png

Claws mail client

Claws mail client similarly to Evolution does not support proxies for SMTP nor POP3 by default, so one has to use a wrapper program. In case of Claws mail user can use both proxychains or usewithtor programs. In order to start this mail client via a wrapper one can edit launcher icon (like in Evolution case) or type the command in a shell:

proxychains claws-mail

System administration

Software updaters

It's possible to use apt-get via Tor circuit. To do so, one should add this line to the /etc/apt/apt.conf file:

Acquire::http::Proxy "http://127.0.0.1:8118/";

Development environment

Bazaar

It is possible to use Bazaar version control system over a Tor infrastructure. Assuming there is properly configured tor service on a host, one can use bzr command via usewithtor wrapper. Because bzr is able to connect via SOCKS5 proxy, one can use both canonical or onion addresses while connecting. Connections to hidden Bazaar services are also possible. For example:

usewithtor bzr branch bzr://mmm5ahpcvvxigdgm.onion/gns-contrib/pkgs-parkes/enscript

will do a copy of an enscript package branch maintained by one of the contributors, who made it available as a hidden service.


CategoryOutdated

Documentation/Tor (last edited 2013-08-30 16:40:59 by FelipeLopez)