Tor is a proxy server which allows its users to hide their IP address from the websites they connect to. In order to provide this level of anonymity however, it introduces latency into these connections, an unfortunate performance-privacy trade-off which means that few users choose to do all of their browsing through Tor.
Here are a few things that I have found work quite well through Tor. If there are any other interesting use cases I've missed (e.g. reviewing academic papers), please leave a comment!
Tor setup
There are already great docs on how to install and configure the Tor server and the only thing I would add is that I've found that having a Polipo proxy around is quite useful for those applications that support HTTP proxies but not SOCKS proxies.
On Debian, it's just a matter of installing the
polipo package and then
setting the following in /etc/polipo/config
:
logSyslog = true
logFile = /var/log/polipo/polipo.log
# Configure polipo for use with tor
proxyAddress = "127.0.0.1"
proxyPort = 8008
allowedClients = 127.0.0.1
allowedPorts = 1-65535
proxyName = "localhost"
cacheIsShared = false
socksParentProxy = "localhost:9050"
socksProxyType = socks5
chunkHighMark = 67108864
diskCacheRoot = ""
localDocumentRoot = ""
disableLocalInterface = true
disableConfiguration = true
dnsQueryIPv6 = no
dnsUseGethostbyname = yes
disableVia = true
censoredHeaders = from,accept-language,x-pad,link
censorReferer = maybe
# Suggestions from Incognito configuration
maxConnectionAge = 5m
maxConnectionRequests = 120
serverMaxSlots = 8
serverSlots = 2
tunnelAllowedPorts = 1-65535
RSS feeds
The whole idea behind RSS feeds is that articles are downloaded in batch ahead of time. In other words, latency doesn't matter.
I use akregator to read blogs and the
way to make it fetch articles over Tor is to change the
KDE-wide proxy server using systemsettings
and setting a
manual proxy of localhost
on port 8008
(i.e. the local instance of
Polipo). If you don't see the proxy settings in the KDE control panel, make
sure that the kde-baseapps-bin
, libkonq-common
and kpart-webkit
packages
are installed.
Similarly, I use podget to automatically
fetch podcasts through this cron job in /etc/cron.d/podget-francois
:
0 12 * * 1-5 francois http_proxy=http://localhost:8008/ https_proxy=http://localhost:8008/ nice ionice -n7 /usr/bin/podget -s
Prior to that, I was using
hpodder and had the following in
~/.hpodder/curlrc
:
proxy=socks4a://localhost:9050
GnuPG
For those of us using the GNU Privacy Guard to exchange encrypted emails, keeping our public keyring up to date is important since it's the only way to ensure that revoked keys are taken into account. The script I use for this runs once a day and has the unfortunate side effect of revealing the contents of my address book to the keyserver I use.
Therefore, I figured that I should at least hide my IP address by putting
the following in ~/.gnupg/gpg.conf
:
keyserver-options http-proxy=http://127.0.0.1:8008
However, that tends to makes key submission fail and so I created a key
submission alias in my ~/.bashrc
which avoids sending keys through Tor:
alias gpgsendkeys='gpg --send-keys --keyserver-options http-proxy=""'
Package updates
Since most Debian packages are fairly small, downloading them over Tor doesn't take a whole lot longer. Large updates on the other hand are affected unless you do them in the background like I do with this daily cron job:
apt-get -qq update
apt-get -qq clean
apt-get --download-only --assume-yes --force-yes -qq dist-upgrade
apt-get -qq autoclean
To do updates over Tor, simply install the apt-transport-tor
package and then replace http://
with tor+http://
everywhere in
your /etc/apt/sources.list
so that it looks like:
deb tor+http://httpredir.debian.org/debian sid main contrib
deb-src tor+http://httpredir.debian.org/debian sid main contrib
deb tor+http://httpredir.debian.org/debian experimental main
deb-src tor+http://httpredir.debian.org/debian experimental main
Instant messaging
Communication via XMPP is another use case that's not affected much by a bit of extra latency.
To get Pidgin to talk to an XMPP server over Tor,
simply open "Tools | Preferences" and set a Tor/Privacy (SOCKS5)
proxy of 127.0.0.1
on port 9050
.
GMail
Finally, I found that since I am
running GMail in a separate browser profile,
I can take advantage of GMail's excellent caching and preloading and run the
whole thing over Tor by setting that entire browser profile to run its
traffic through the Tor SOCKS proxy on port 9050
.