HOWTO: Anonymous communication with Tor - some hints and some pitfalls [Update]

Warning: Very long post ahead. You have been warned!

What?

Tor is a Free Software project (revised BSD license), developed by Roger Dingledine and Nick Mathewson, that creates an infrastructure for anonymous TCP communication.

From the project website:

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves.

Tor also allows you to set up and/or use a so-called Tor hidden service, i.e., a server that offers some service (a website, ssh access, or similar) without revealing its IP to its users.

Why?

Why would you want to use Tor? Well, because you probably don't want anybody (neither state agencies, nor companies, nor "hackers", nor any other individuals or groups) to be able to record, analyze, and (ab)use information about your web browsing habits, or any other communication habits. For instance, you don't want Google to have a complete search-profile of you, which — even worse — might some day get in the hands of other parties. In the days of massive data retention you don't want all your electronic traces to be recorded, stored for ages, analyzed, and data-mined for dubious reasons and with even more dubious results and false conclusions drawn that might negatively affect you. If you're a human rights activist in China, you want anonymous communication. If you're a whistleblower, you want anonymous communication. The list is endless.

For securing your communications, so that nobody is able to sniff your emails, your chat messages, your passwords, your private documents and conversations, you use encryption. For communicating anonymously you can use Tor. Combine both, and you have secure and anonymous communication.

In case you're wondering whether criminals might abuse Tor, read the Tor Abuse FAQ. Short answer: yes, but if you're willing to break the law, you already have anonymity (open access points, stolen/prepaid mobile phones, etc.). You don't need Tor to do bad things if you're a criminal.

If you're one of those horrible "oh, but I don't have anything to hide" guys, consider this: Say you have a drug/alcohol problem and want to visit an anti-drugs/anti-alcohol website or forum for help. Would you want the whole world, your neighbors, your co-workers, your boss, to know that, or would you rather want to keep that a secret? Say you have AIDS and want to get information on the web? Or, to make the example even more dramatic: Would you want some random guys to be able to watch you while you fuck your wife? No? So you have something to hide after all, right?

My point is: Everyone has something to hide, even more, it is a basic human right to have the ability to hide something. It's called privacy.

How?

Tor implements a form of onion routing to, basically, push encrypted data through multiple Tor nodes (servers), before it reaches the final destination (e.g. a website). The result is that neither the website owner, nor a local eavesdropper, nor any single Tor server knows who requested that specific website, hence you are communicating anonymously. For more technical details, read the Tor overview and the Tor documentation pages.

In order to use Tor, you have to install and run a local Tor client/daemon (this is not necessarily a Tor server!). On Debian, type apt-get install tor, on other systems you can get the respective binary packages or download the sources and compile Tor yourself.

Usually Tor is used together with Privoxy, a configurable HTTP proxy that sanitizes your web-browsing experience by removing nasty banner ads, pop-ups, JavaScript, webbugs, cookies etc. etc. So: apt-get install privoxy.

After installing and starting Tor and Privoxy, you can now configure your webbrowser to use Privoxy as an HTTP proxy (see below), and Privoxy will in turn use Tor to anonymize your communication if you add "forward-socks4a / localhost:9050 ." to your /etc/privoxy/config.

Anonymizing various applications

Most (but not all) of the following information is also covered in the very useful Torify HOWTO in the Tor wiki (I will add the missing information there, ASAP). As I'm pretty paranoid, I have checked every single one of these configurations with Ethereal to ensure that the traffic is really anonymized. However, if you are paranoid, you shouldn't trust me, but rather test this stuff for yourself!

Warning: DNS Leaks:
The biggest problem with many applications is that they leak DNS requests. That is, although they use Tor to anonymize the traffic, they first send a DNS request untorified in order to get the IP address of the target system. Then they communicate "anonymously" with that target. The problem: any eavesdropper with more than three brain cells can conclude what website you visited if they see that you sent a DNS request for rsf.org, followed by some "anonymous" Tor traffic. The solution: use Tor together with Privoxy, which prevents DNS leaks. Many non-HTTP-based applications are usually torified using a small tool called torify (e.g. by typing torify fetchmail), but often this approach has DNS leaking problems, see below.
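As an added illustration (not part of the original post), here is the kind of check the Ethereal inspection above amounts to, written as a small script over constructed tcpdump-style lines: anything sent to port 53 on a non-loopback host is a DNS leak, TCP to the local Privoxy (8118) or Tor SOCKS (9050) port is torified, and TCP to a host that is not one of the relays your own Tor daemon talks to is untorified. The line format, the sample lines and the relay list are constructed assumptions.

```python
import re
from typing import List, Tuple

# Local proxy endpoints from the post: Tor's SOCKS port and Privoxy's HTTP port.
TOR_SOCKS = ("127.0.0.1", 9050)
PRIVOXY = ("127.0.0.1", 8118)

# Constructed assumption: the relays the local Tor daemon itself is connected to
# (in practice you would take these from the Tor client's own connections).
KNOWN_TOR_RELAYS = {"203.0.113.5", "203.0.113.9"}

# tcpdump-style "IP src.sport > dst.dport: payload" line (constructed format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
# Query name as tcpdump prints it, e.g. "1234+ A? rsf.org. (25)".
DNS_QUERY_RE = re.compile(r"\b(?:A|AAAA|MX|TXT)\? (?P<name>\S+?)\.? \(")


def is_loopback(ip: str) -> bool:
    return ip.startswith("127.")


def classify_line(line: str) -> Tuple[str, str]:
    """Return (verdict, detail) for one capture line.

    Verdicts: 'dns-leak', 'torified', 'tor-circuit', 'untorified', 'local', 'ignored'.
    """
    m = LINE_RE.match(line)
    if not m:
        return ("ignored", line.strip())
    dst, dport = m.group("dst"), int(m.group("dport"))
    rest = m.group("rest")
    # A DNS query to anything but a local resolver reveals the target hostname.
    if dport == 53 and not is_loopback(dst):
        q = DNS_QUERY_RE.search(rest)
        name = q.group("name") if q else "?"
        return ("dns-leak", f"query for {name} to {dst}")
    if (dst, dport) in (TOR_SOCKS, PRIVOXY):
        return ("torified", f"via local proxy {dst}:{dport}")
    if is_loopback(dst):
        return ("local", f"{dst}:{dport}")
    # The Tor daemon's own connections to relays are expected on the wire.
    if dst in KNOWN_TOR_RELAYS:
        return ("tor-circuit", f"relay {dst}:{dport}")
    return ("untorified", f"direct to {dst}:{dport}")


def audit_capture(lines: List[str]) -> List[Tuple[str, str]]:
    """Classify every line; only leaks and direct connections are returned."""
    findings = []
    for line in lines:
        verdict, detail = classify_line(line)
        if verdict in ("dns-leak", "untorified"):
            findings.append((verdict, detail))
    return findings


# Constructed sample capture: an application that leaks a DNS query before
# building a Tor circuit, a correctly proxied request, and a direct POP3 connect.
SAMPLE_CAPTURE = [
    "12:00:01.000 IP 192.168.1.10.41234 > 192.168.1.1.53: 1234+ A? rsf.org. (25)",
    "12:00:01.050 IP 192.168.1.10.41236 > 203.0.113.5.9001: Flags [S], seq 1, win 65535",
    "12:00:01.100 IP 127.0.0.1.41235 > 127.0.0.1.8118: Flags [S], seq 1, win 65535",
    "12:00:01.200 IP 127.0.0.1.41238 > 127.0.0.1.9050: Flags [S], seq 1, win 65535",
    "12:00:02.000 IP 192.168.1.10.41237 > 198.51.100.7.110: Flags [S], seq 1, win 65535",
]

if __name__ == "__main__":
    for verdict, detail in audit_capture(SAMPLE_CAPTURE):
        print(f"{verdict:10s} {detail}")
```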

  • Webbrowser: Firefox, Mozilla, Galeon, Konqueror, ...:
    Most browsers can be torified by using Privoxy as an HTTP(S) proxy, i.e. using 127.0.0.1 as proxy host and 8118 as proxy port.
    For example, to torify Firefox go to Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration and configure:
    HTTP Proxy: 127.0.0.1 port 8118
    SSL Proxy: 127.0.0.1 port 8118
    FTP Proxy: 127.0.0.1 port 8118
    SOCKS v5

    For Konqueror, go to Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup and configure:
    HTTP Proxy: 127.0.0.1 port 8118
    HTTPS Proxy: 127.0.0.1 port 8118
    FTP Proxy: 127.0.0.1 port 8118

    Warning: Although Privoxy doesn't support FTP, you should configure the browser to use Tor + Privoxy for FTP. By doing that, you get an error message when you try to access ftp:// URLs, but at least you don't send untorified traffic without noticing.
    Warning: Firefox's "Live Bookmarks" (RSS feeds) are a problem if you switch from a torified to an untorified state sometimes (by switching or enabling/disabling the proxy). Firefox periodically requests all the feeds you're subscribed to. If you turn off Tor + Privoxy usage, they will be requested non-anonymously, and you won't even notice it! Solution: remove all "Live Bookmarks", or never switch to untorified browsing.

  • HTTP-based tools: lynx, links, w3m, wget, curl, ...:
    Most other HTTP tools, such as wget, can be torified by setting the respective values for the http_proxy and HTTP_PROXY environment variables. Applications that don't honor http_proxy probably have a configuration option to set the HTTP proxy.
    Add this to your ~/.bashrc or similar config-file:
    http_proxy=http://127.0.0.1:8118/
    HTTP_PROXY=$http_proxy
    export http_proxy HTTP_PROXY

    Warning: links is a notable exception here. It does not honor the http_proxy environment variable! However, you can add http_proxy 127.0.0.1:8118 to your /etc/links.cfg and/or to your ~/.links/links.cfg. Or go to Setup -> Network Options and do the same there. Or use the -http-proxy 127.0.0.1:8118 command line option.

  • Instant Messaging: Gaim:
    Go to Preferences -> Network -> Proxy and configure this:
    Proxy type: Socks 5
    Host: 127.0.0.1
    Port: 9050

    Gaim doesn't seem to leak DNS requests.

  • Debian: Apt:
    Setting http_proxy is enough, as apt-get honors the http_proxy environment variable. But you can also add this line to your /etc/apt/apt.conf:
    Acquire::http::Proxy "http://127.0.0.1:8118/";

    apt-get doesn't seem to leak DNS requests.
    Warning: This will only work for deb/deb-src lines in /etc/apt/sources.list that use HTTP, because Privoxy does not support FTP.

  • RSS-Reader: Akregator:
    Which RSS feeds you are reading tells quite a lot about you, and it's probably information some people or organizations would be very interested in. So anonymizing your feed-reader is quite important, IMHO. Akregator (a KDE RSS-reader application) uses Konqueror internally, so if you have set Konqueror to use Tor + Privoxy as HTTP proxy, Akregator is safe, too.
    Akregator doesn't seem to leak DNS requests.

  • Podcast Client: iPodder/Juice:
    Go to File -> Preferences -> Network settings and configure this:
    Use a proxy server: enable
    Address: http://127.0.0.1
    Port: 8118

    iPodder/Juice doesn't seem to leak DNS requests.

  • Secure login: ssh:
    In order to torify all your ssh communications (ssh, slogin, sftp, etc.), edit your /etc/ssh/ssh_config and/or ~/.ssh/config and add:
    Host *
    ProxyCommand socat STDIO SOCKS4A:127.0.0.1:%h:%p,socksport=9050

    This requires socat, so: apt-get install socat.
    ssh doesn't seem to leak DNS requests.
    Warning: Simply using torify ssh does not suffice, it leaks DNS requests!

  • Email: fetchmail:
    Properly torifying fetchmail is pretty ugly. Basically, torify fetchmail should be enough (one would think), but that leaks DNS requests! All tips offered in the Torify HOWTO suffer from this problem. The ideal solution would be to use tor-resolve (a small utility that resolves DNS requests via the Tor network, and hence anonymously) before fetching the emails, but I haven't found a good and simple solution for that. What I do right now is to hardcode IP addresses in my ~/.fetchmailrc config-file and then use torify fetchmail, which doesn't leak DNS requests. However, it leads to some ugly "fetchmail: Server CommonName mismatch: foo.bar.com != xxx.xxx.xxx.xxx" warnings.
    I always start fetchmail manually, often by clicking an icon in my IceWM toolbar. So I use the following line in my ~/.icewm/toolbar config-file:
    prog Fetchmail fetchmail xterm -e torify fetchmail

    Sometimes I invoke fetchmail from the command-line, too, so I have this alias in my ~/.bashrc:
    alias fetchmail='torify fetchmail'

    Warning: Just for the record: torify fetchmail alone (i.e. used with hostnames in ~/.fetchmailrc) does not suffice, it leaks DNS requests!

  • IRC: XChat:
    Go to Settings-> Preferences -> Network -> Network setup -> Proxy server and configure:
    Hostname: 127.0.0.1
    Port: 9050
    Type: Socks5

    Then make sure you check the "Use a proxy server" checkbox in the preferences dialog of the IRC server you want to use.
    XChat doesn't leak DNS requests.

You might also want to check out toraliases, a small shell script you can source from your ~/.bashrc file. It defines some functions and aliases that transparently direct the traffic of some (but not all!) programs through Tor.

Applications which cannot easily be torified

Anything not using TCP usually cannot be torified, as Tor only works for TCP.

  • Non-TCP traffic from tools like ping, host, dig, nslookup, nmap, traceroute and lots more: as Tor only supports TCP, you're out of luck. However, you can safely use web-frontends such as dnsstuff.com over Tor + Privoxy (if they don't block Tor users, that is).
  • whois: Although torify whois google.com leaks the DNS request for the whois-server (in this case whois.crsnic.net), it doesn't seem to leak the host you wanted to lookup. Can somebody confirm this? The safer method is to use a web-frontend, though.
  • FTP: Although torify ncftp works, it leaks DNS requests! I haven't yet found a way to fix this (help is appreciated!). I also tried a few other FTP clients, without luck.
  • GnuPG: Using gpg anonymously should work by using a proper http_proxy environment variable and by using a hidden Tor server as keyserver.
    Add this to your ~/.gnupg/gpg.conf:
    keyserver x-hkp://yod73zr3y6wnm2sw.onion
    keyserver-options honor-http-proxy broken-http-proxy

    This works in theory. However, I noticed a problem: while gpg --recv-keys seems to work fine, gpg --refresh-keys leaks DNS requests! It seems GnuPG hard-codes the keyserver to keyserver.pgp.com in that case and leaks the DNS request for this domain name.
  • Sending email (SMTP): Not sure how to do this with Tor. Many Tor nodes block SMTP per default. A better solution is probably Mixmaster/Mixminion.
  • CVS, svn, Bittorrent/Azureus (untested HOWTO), usenet clients (pan, slrn), xmms: TODO. Haven't checked, yet.

Pitfalls to be aware of

  • Rule #1: Don't spoil your anonymity by being stupid!
  • IRC: Don't use nicks which hint at you, such as your real name, real-life nickname, acronyms which are known to "belong" to you or identify you. Don't use things like DCC that might reveal your real IP or real information about you. Disable all possibly "leaky" features/commands such as CTCP, VERSION requests, automatically accepting files from other IRC users, etc. etc.
  • Don't accidentally access Tor hidden server URLs in an untorified browser. For example, if you would try to access the fictitious hidden server abc1234.onion, this request would travel over the net unencrypted and untorified. An eavesdropper could sniff that, enable Tor on his computer, go to abc1234.onion, and would know what you wanted to look at.
  • Double-check that all applications you use don't leak DNS requests.
  • Do not only configure your ~/.foobarrc config-files but also the config-files in /etc. Otherwise you might eventually use wget, ssh, lynx or other tools as root (instead of your normal, non-privileged user account) resulting in untorified traffic!
  • Disable all "check for updates automatically", "notify upon new release" and similar "phoning home" features in all your applications. Most such features are probably not Tor-safe, i.e. will send/receive untorified traffic. Some candidates are Firefox, Adobe Acrobat reader, Gaim, and others.
  • Never, never, think that Tor encrypts your traffic! It does not! The person who runs a Tor exit node can easily sniff all plain-text traffic! Tor only anonymizes your traffic, but it can still be sniffed plain-text at the beginning and at the end of the onion route! So don't do any HTTP-auth, or plain-text password sending for e.g. POP3, telnet, and so on. Always use encryption in addition to Tor!
  • In general, spread only a minimum of information. Disable referrer sending (e.g. using Privoxy), disable cookies, kill webbugs (Privoxy), and so on.
  • Watch your language, especially in public forums or IRC. A linguist can probably easily figure out which country/region you're from if you speak/write broken English or use certain idioms or false friends. This might or might not be a problem for you, but it's something you should bear in mind.
  • If you're extra paranoid, you could set up your firewall to block all outgoing DNS traffic and force all applications to use Tor to resolve names. You could probably also block all outgoing non-Tor traffic...
  • Another good idea is probably carrying an Anonym.OS LiveCD with you, so you can have a (more) anonymous communication wherever you go.

More information

More information is available in the Tor documentation, the Tor wiki, and especially in the Tor FAQ. In addition, there's an IRC channel on Freenode (#tor), some slides and a video (torrent) about Tor you might find interesting. If you would like to help, you can run a Tor server, donate some money, or volunteer to do other things (code, debug, document, translate, and more).

That's it for now. I'm very grateful for comments and suggestions, especially for hints on how to anonymize more applications. Also, if you notice any dumb mistakes I made, please leave a comment.

Update 2006-03-07: Fixed typos, added link to the toraliases project (thanks Benjamin Schieder).
Update 2006-03-10: Fixed a whole bunch of grammar errors, thanks Geoffrey Lewis Goodell for the patch!

Comments


Time for an update.

This is an excellent guide, and a lot of the information is still valid, but it does owe itself an update for those bits that no longer apply.

You have a great blog, btw. And I enjoy reading here and will keep coming back.

Protecting against all DNS leaks using iptables

I've finally taken up Tor for all my usual browsing today, which I've been meaning to do for some time, because I've found a fairly foolproof way to stop DNS leaks. My browser was still leaking even when going through Privoxy, so this was necessary.

Put this in /etc/tor/torrc, and restart Tor:

AutomapHostsOnResolve 1
DNSPort 53

And run this command on startup (on my Debian desktop, I have it in /etc/rc.local):

iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53

Then, all well-behaved outgoing DNS requests are dealt with anonymously by Tor. I imagine a nasty browser plugin or other application could get out of this by DNSing in some non-standard way, but this should stop any of your trusted apps from causing you trouble. Of course, all your non-Tor stuff is going to be slightly slower, but once lookups are done it won't have any effect.

Hi there. What I want to do

Hi there.

What I want to do is pretty simple, but I need to know if what I am doing is completely anonymous.

Ok so I'm new to Tor and all this stuff.

What I want to do is essentially send and receive e-mails to my contacts completely anonymously, and untraceably.

So what I've understood so far. I use Tor to encrypt and mask my ISP from my computer to the last node, the exit node, and then use Privoxy which will prevent DNS leaks. This will make me completely anonymous?

So if I configure Firefox with Tor and Privoxy and use a web e-mail service then like Hushmail? Will I be untraceable and secure?

or is there more I need to know?

Even hushmail aside.. could I use gmail and be equally protected?

torify ncftp

Uwe,
Have you tried system-wide interception of DNS queries by Tor, which I (not so well) described in a comment to your post "Anonymous Google Earth over Tor" (the comment "awaits admin's moderation")?
After all is done, "torify ncftp" should not leak DNS.

Does traffic really leave the client machine unencrypted?

Uwe, good article, thanks
(for me I found interesting the note about reaching an ftp resource through a proxified web browser and the resulting loss of Tor's protection).

What about correcting a following yours note:
"...Tor only anonymizes your traffic, but it can still be sniffed plain-text AT THE BEGINNING and at the end of the onion route!.." --uppercase by me.

What your statement means to me (and probably others): traffic leaves the client machine unencrypted and can be intercepted (e.g. by the ISP) on the way it travels to the first server in the route. Even if the client machine is supposed to be part of the onion network, then still "at the beginning of the onion route" means traffic leaves the client machine unencrypted.

Reasons to correct:

1) Wikipedia tells us (article "Tor", section "Eavesdropping by exit nodes") data following out of onion network on Tor's exit nodes is indeed UNencrypted, but NOT at the beginning of onion network, so logical chain would be: data leaves client computer encrypted, travels through onion network encrypted and THE ONLY place it is unencrypted is way out of exit node.

2) www.torproject.org/overview (Tor's homepage) tells us data (traffic) leaves client computer encrypted (see diagrams).

So, taking into account 1) and 2) you may be right regarding you statement about plain-text traffic at the beginning of the onion route if:
- wiki doesn't say the whole truth and Tor developers (or whatever site's authors) lie;
- there is a mistake on Tor's homepage.

Why am I saying this? Why is this important? Because in my opinion, traffic encryption at the place where it leaves the client computer is vital to guard against ISPs and authorities which can force ISPs to do anything (to provide data etc.). We don't know how ISPs (would potentially) process our traffic, so it is extremely important they get nothing (encrypted data) -- hope I'm right :)

People who will find out what is Tor from your article, should know truth about such important case like traffic encryption.

Regards,
Keiner

some misunderstanding

What he meant was that the first node in the circuit can actually see the data and the last node can see it also.... traffic is encrypted all the way to the entry node, but the entry node can see what's in it.... only the relay can't see what's in it. it=packets

Does Tor also prevent Google

Does Tor also prevent Google from using its built-in traffic monitoring tools, like Google Toolbar, or Google Web History? It sounded like a small idea at first, getting an email address @gmail, and slowly it grew into something frightening. Albert Campres

Tor traffic

Hi, I think this is a misunderstanding or maybe I misworded my text. Yes, traffic does leave your PC in encrypted form already, so the ISP should not be able to sniff any unencrypted Tor traffic from you.

I guess what I was referring to back then as "at the beginning" was the local PC where your Tor daemon runs. If this PC is not fully under your (and only your) control, you might still compromise your anonymity. Say you use Tor on some Uni/company PC where someone other than you has a root login or similar. In that case the root user may well be able to sniff whatever you want to pass into the Tor network before it gets sent away, i.e., in its plain-text unencrypted form.

This is just a theoretical scenario right now, I don't know about any concrete rootkits or other ready-made software that does something like this, but the risk is definitely there. Using manipulated shared libraries, manipulated Tor daemon software, rootkit software, or through other means — a local attacker with root permissions will certainly be able to see your Tor traffic before it gets encrypted and sent into the Tor network.

Of course, if someone other than you has root permissions on such a box, you also have many other problems... Anyway, I would definitely not recommend using Tor on machines you don't fully control.

Uwe.

Re: Tor traffic

Uwe, now i understand what you mean. Thank you for reply and explaining.

Tor, RSS, and blogs - how does that work?

Can one remain anonymous when using the Tor bundle with a blog/RSS aggregator? For instance, will blog owners be able to see your information when you read their blog entries through a blog aggregator? Will the 'others' (anyone watching or snooping) be able to see your info & what blogs you read via your blog aggregator?

Tor and RSS

As RSS consists of simple HTTP requests you can anonymize it just as easily as browser traffic, i.e. visiting websites.

Depending on what you mean with "RSS aggregator" you can then indeed anonymously read RSS feeds. This will work fine with e.g. Akregator, but not necessarily with other applications (untested by me), or web-based RSS aggregator (where you usually have to login, and thus immediately lose your anonymity).

HTH, Uwe.

Encryption

Hi,

Basically, I would like to encrypt and anonymize all the HTTP traffic from my computer to the actual site.
I am using Tor + Privoxy with the Torbutton plugin in Firefox 3.0.1. From what I understand, this combination guarantees encryption only in the Tor network itself? If that is correct, what software (preferably under Ubuntu) can I use to encrypt the rest?

Thanks for your help,

Ciridian

Wow. Now this is some great

Wow. Now this is some great information. I could use this a lot in my work field. I can make some drug rehab programs on an idea I got from your article. Maybe we can do something together. I will continue reading you for more great ideas.

RefControl

Please also pimp RefControl

http://www.stardrifter.org/refcontrol/

"RefControl is an extension for Firefox that lets you control what gets sent as the HTTP Referer on a per-site basis."

Check your referrer (and other Tor information) with this page:
http://torcheck.xenobite.eu/

Cheers

Do you have any idea how

Do you have any idea how something like FireFTP, an extension for Firefox, behaves? Does it obey Firefox's settings?

No idea sorry, never used

No idea sorry, never used that. FTP is a problem usually, at least privoxy (or was it the socks stuff?) doesn't really support FTP. The only way to find out is to use wireshark and check for it...

Uwe.

encryption: request for clarification

Hi, Uwe, thanks for a very detailed post, which nourished parts of my mind that the Tor documentation failed to reach (not Tor's fault. I feel a bit thick-headed today). Just set up Tor and I'm looking for clarifications on two related issues, to be sure I'm getting the picture right. Incidentally, I'll be using Tor mainly for plain-text telnet, not Web.

1. I understand that traffic is encrypted only on Onion routes, not before entry or after exit. Now, I'm set up to relay Tor network traffic. Does this mean that my machine is part of an Onion route, and that my own outbound traffic leaves my machine encrypted? Or am I still sending plain text which is encrypted at a later hop?

2. When the target server replies, is it as regular, open Net traffic, or does it take the same Onion route back to my machine? If the latter, does the traffic remain encrypted all the way to my machine, or is it plain text on the last leg?

In sum, assuming I'm relaying Onion traffic, is my machine sending or receiving any unencrypted data at all?

Probably a silly question, but I'd be grateful for a clarification.

TIA

Pratik

Tor Mailing List

Anyone reading this page and wanting more answers to questions should check out the official Tor Project mailing list:

http://archives.seul.org/or/talk/

It's easy to subscribe via e-mail then post messages which will be read by those who actually develop Tor, and they often answer.

You can browse the mailing list online too at the link I posted, here it is again:

http://archives.seul.org/or/talk/

Sign up and participate!

for anonymous and censorship-resistant communication

"for anonymous and censorship-resistant communication"

Someone with TOR, really should remove the above text from their websites and documentation.

Tonight while downloading some files from rapidshare, instead of getting the file I was attempting to download, I got a page that said that TOR was not meant to be used this way, and that I would not be allowed to download the file. Now I was not trying to download kiddie porn, warez, or anything that most people would find objectionable.

I wish I had copy and pasted the page so that I could give you a direct quote, but I figure that all of us will start to get the message more and more.

My point is, while the people at TOR CLAIM to be providing anonymity, and censorship-resistant communication, apparently they have decided, to DENY us both. They have chosen to censor and restrict what we can see, and access.

I am removing TOR just as soon as I get an exact copy of the text.

Then I intend to expose the TOR team as the Gestapo and censorship police that they have become.

BTW, I relate this to what has happened to the Republican party in the U.S. They talk about smaller government. Most people including myself, hear smaller government and think less interference and intrusion into my life. What THEY (the neo-cons) mean, is a fewer number of people telling us EXACTLY how to live our lives.

Do you see the correlation ?

Tor

The message you got is quite likely not from Tor itself, but rather from the site in question. It's possible for a website to find out that someone accessed the website via Tor, but your anonymity is still preserved because they don't know who accessed the site (they only know it's a Tor user).

HTH, Uwe.

Some questions about Spamassassin and other things..

Hi, Uwe..

I run spamassassin as part of my email retrieval setup, utilizing razor and pyzor along with sa-update run on a cron.

Normally, Fetchmail fetches outside of Tor with the options sslcertck sslcertpath xxx turned on. When using Tor, I have to remove the certificate check option, or no go, as the Tor certificate does not match the mail provider's - no problem, as the https chain should ensure encryption end to end. I think. Opinion?

With Spamassassin, razor and pyzor are called from perl scripts that are plugins in spamassassin's structure. Spamassassin is run daemonized, with spamc calling from Procmail. Any easy way to torify the spamassassin calls to razor, pyzor, and sa-update?

Google has not been my friend on this one, and you seem to have some experienced people posting here...

Cheers!

URL Encryption

I'm a Tor newbie.

I was wondering if Tor encrypts not only the content of web pages, but the URLs as well so that the URL of the web pages you visit would not be visible to anyone, e.g., ISP or others. I was reading on a blog somewhere (I don't recall which one) and someone was saying they set up a web server and a Tor node and the real URL of the web site they were accessing showed up in the web server logs. I may have misinterpreted it, but it seems to me, that Tor ought to encrypt the URL AS WELL as the actual content. Does Tor encrypt the URL too?

I was also wondering if it's possible to configure Tor using Anonymizer.com secure tunneling? How would I go about configuring Tor and Privoxy to use Anonymizer's secure tunneling or isn't that necessary. Isn't Tor already using something similar to secure tunneling?

As I mentioned, I am a Tor newbie, so I would appreciate your input and clarification on these points. Thanks.

Tor is not intended for

Tor is not intended for encryption but rather for anonymization. If you use plain-text protocols over Tor (HTTP, POP3 etc) the Tor exit node will be able to see that plain-text contents (passwords, URLs, whatever).

When you use Tor, somebody may be able to "see" a website request but cannot find out who requested that website. Thus you are (supposed to be) anonymous when using Tor correctly.

Tor does encrypt traffic between Tor nodes as part of the protocols used to achieve anonymity, but once your traffic reaches the "exit node" it will be plain-text again! So do not rely on Tor for encryption. That's not what it is intended to be used for.

Please read the documentation at the Tor website for more information.

Uwe.

Re: URL Encryption

Uwe,

Thank you for your reply. I know that the exit node will be able to see everything. My question was related to whether my ISP would be able to see the URL I am browsing, or is that encrypted when I access it through the Tor proxy, because if they could see the URL, but not the content of the web page, they could still track my browsing habits. Could you please clarify that for me.
Thanks very much.

Tor with FTP

This is probably a naive question which I really should know the answer to:

If I specify an IP address to connect to over FTP rather than specify a domain name, I won't have an issue with DNS leaks, will I?

Thanks.

resolve host names manually

The Problem. When your applications connect to servers on the Internet, they need to resolve hostnames that you can read (like tor.eff.org) into IP addresses that the Internet can use (like 209.237.230.66). To do this, your application sends a request to a DNS server, telling it the hostname it wants to resolve. The DNS server replies by telling your application the IP address.

Clearly, this is a bad idea if you plan to connect to the remote host anonymously: when your application sends the request to the DNS server, the DNS server (and anybody else who might be watching) can see what hostname you are asking for. Even if your application then uses Tor to connect to the IP anonymously, it will be pretty obvious that the user making the anonymous connection is probably the same person who made the DNS request.

Where SOCKS comes in. Your application uses the SOCKS protocol to connect to your local Tor client. There are 3 versions of SOCKS you are likely to run into: SOCKS 4 (which only uses IP addresses), SOCKS 5 (which usually uses IP addresses in practice), and SOCKS 4a (which uses hostnames).

When your application uses SOCKS 4 or SOCKS 5 to give Tor an IP address, Tor guesses that it 'probably' got the IP address non-anonymously from a DNS server. That's why it gives you a warning message: you probably aren't as anonymous as you think.

So what can I do? We describe a few solutions below.

If your application speaks SOCKS 4a, use it.

For HTTP (web browsing), either configure your browser to perform remote DNS lookups (see the Torify HOWTO how to do this for some versions of Firefox) or use a socks4a-capable HTTP proxy, such as Privoxy. See the Tor documentation for more information. For instant messaging or IRC, use Gaim or XChat. For other programs, consider using freecap (on Win32) or dsocks (on BSD).

If you only need one or two hosts, or you are good at programming, you may be able to get a socks-based port-forwarder like socat to work for you; see the Torify HOWTO for examples.

Tor ships with a program called tor-resolve that can use the Tor network to look up hostnames remotely; if you resolve hostnames to IPs with tor-resolve, then pass the IPs to your applications, you'll be fine. (Tor will still give the warning, but now you know what it means.)

You can use TorDNS as a local DNS server to rectify the DNS leakage. TheOnionRouter/SupportPrograms
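To make the SOCKS 4 / 4a / 5 distinction above concrete, here is an added example (not part of the original post or the Tor FAQ) that builds the CONNECT request each version sends to the local Tor client and applies the same heuristic Tor uses for its warning: a request carrying a literal IP address means the application most likely resolved the hostname itself, outside Tor. The hostname and IP are the ones quoted in the comment above; the function names are my own.

```python
"""Constructed example: SOCKS CONNECT requests as seen by a local Tor client,
and the 'you probably resolved this yourself' heuristic behind Tor's warning."""
import ipaddress
import struct


def socks4_connect(ip: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS 4: the request can only carry an IPv4 literal, so the application
    must already have resolved the name, i.e. through its normal DNS path."""
    return (b"\x04\x01" + struct.pack(">H", port)
            + ipaddress.IPv4Address(ip).packed + userid + b"\x00")


def socks4a_connect(hostname: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS 4a: the IP field is the marker 0.0.0.x (x != 0) and the hostname
    follows the userid, so Tor resolves it remotely through the circuit."""
    return (b"\x04\x01" + struct.pack(">H", port) + b"\x00\x00\x00\x01"
            + userid + b"\x00" + hostname.encode("idna") + b"\x00")


def socks5_connect(target: str, port: int) -> bytes:
    """SOCKS 5 CONNECT (sent after method negotiation). ATYP 0x03 carries a
    hostname; ATYP 0x01 carries an IPv4 literal the client resolved itself."""
    try:
        addr = b"\x01" + ipaddress.IPv4Address(target).packed
    except ValueError:
        host = target.encode("idna")
        addr = b"\x03" + bytes([len(host)]) + host
    return b"\x05\x01\x00" + addr + struct.pack(">H", port)


def dns_leak_suspected(request: bytes) -> bool:
    """True when the request names the destination by IP address, which is
    exactly the case in which Tor prints its DNS-leak warning."""
    version = request[0]
    if version == 4:
        dst = request[4:8]
        is_4a_marker = dst[:3] == b"\x00\x00\x00" and dst[3] != 0
        return not is_4a_marker
    if version == 5:
        atyp = request[3]
        return atyp in (0x01, 0x04)      # IPv4 or IPv6 literal
    raise ValueError("not a SOCKS 4/4a/5 CONNECT request")


if __name__ == "__main__":
    for req in (socks4_connect("209.237.230.66", 80),
                socks4a_connect("tor.eff.org", 80),
                socks5_connect("tor.eff.org", 80)):
        print(req.hex(), "leak suspected:", dns_leak_suspected(req))
```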

A couple of questions

Hello Uwe

A few comments from a Tor newbie...

As you wrote above, I've tried to run ICQ/Gaim with Tor, configured with SOCKS5, 127.0.0.1 on port 9050. But obviously Gaim still contacts the ICQ server directly, without Tor. I see it when I check myself on a friend's buddy list: it still reveals my physical IP address. I then tried the other way: I made no proxy settings in Gaim but picked up FreeCap, a tool for redirecting traffic over SOCKS5/4a, and socksified Gaim over Tor that way. This way it seems to be okay.

How about browser plugins, do they produce DNS leaks as well? It's my observation that when I load a page with torified Firefox and then start an embedded YouTube video on the page, the video playback (Flash plugin) is as fast as usual.

Thanks,
Ingo

Tor

For browser plugins: yes, I guess most of them will bypass Tor. You need to check every single one... But you shouldn't be using any "active" technology with Tor anyway (Flash, JavaScript, Java, ActiveX, whatever), as those have many other ways to reveal your identity (spoil your anonymity)...

Also, please note that it's not a good idea to use unencrypted protocols (e.g. ICQ) over Tor, as the admins of Tor (exit) nodes can read your traffic in plain text, and thus could get to know your passwords and other sensitive data...

"Never, never, think that

"Never, never, think that Tor encrypts your traffic!"

You are quite incorrect, so I'm wondering how much you actually know about Tor.

Half the point of Tor is to _encrypt_ your traffic from the desktop to the Tor exit node (the last hop to your PC), as a packet sniffer can show. Traffic from the target to the Tor entry node is unencrypted, yes. But the other half of Tor is onion routing, so that the entry node can't easily trace your IP anyway.

If you're careless enough to put identifying details into plaintext that the entry node can sniff and capture, then they can certainly find out who you are.

Tor encryption

Exactly. Maybe my formulation was a bit misleading.

Sure, Tor encrypts the traffic, but what most people seem to get wrong (or simply not know) is that at the exit node the traffic is plain-text again, thus sniffable by anybody. That's what I was trying to warn about.

In other words, if you use any non-encrypted protocols over Tor (POP3, HTTP, whatever), exit node admins will be able to sniff your complete traffic, including passwords and identifying details.

Uwe.

More information

Great article, it really is. You covered damn near everything and made it easy to read. Here is a GREAT resource for Tor information and general security/anonymous lore and the like:

http://exitthematrix.dod.net/

And specifically about Tor and its shortcomings (or rather the shortcomings of software that uses Tor):
http://exitthematrix.dod.net/matrixmirror/ar01s05.html#webbugs

Exit the matrix

Hi, thanks for the pointers!

Uwe.

Speed up Tor

Hi Uwe,
what do you think of speeding up Tor by choosing fast(er) entry and exit nodes --> torfu

Faster Tor nodes

Hm, not sure. I would not recommend doing this on your own; you'll probably end up breaking/weakening your anonymity, and that's the whole point of using Tor, right?

That said, maybe such a feature could be built into Tor by the maintainers (maybe it's even already there!?). But they definitely need to put a lot of thought into how this is implemented — I believe you can easily mess up on this and introduce subtle weaknesses regarding anonymity if you're not careful...

Uwe.

Using tor with any email client, for sending and receiving

Hi,
For sending emails, Tor isn't suitable because almost all nodes block outgoing 25/tcp to prevent spam.

BTW, I've found that nerdshack.com offers anonymous email registration and SMTP on port 2525.

Using socat for this purpose is very simple, and we can also use SSL:

socat TCP4-LISTEN:9025,fork SOCKS4A:localhost:mail.nerdshack.com:2525,socksport=9050 &

socat TCP4-LISTEN:9010,fork SOCKS4A:localhost:mail.nerdshack.com:995,socksport=9050 &

So you must use localhost:9010 as POP3 and localhost:9025 as SMTP.

bye,

tor and security

Good post, thx a lot.

Comments/Questions:

Torpark is another amazing program that you can use: double-click the executable and it automagically runs Tor with a brand new Firefox browser. Install on a thumb drive and voila. The only problem is that I don't see Privoxy being used at all. DNS leak?

I've set up MSN Messenger with Tor. A bit of a hassle (you have to go through Internet Explorer), but I think it works. My question is: what does this actually do? What is being torified exactly?

For encryption in Messenger, there's Secway's Simp Lite. Free and easy.
There used to be a plugin for Gaim in order to use PGP encryption, but I think it no longer works.

thx a lot.

I don't see Privoxy being

I don't see Privoxy being used at all. DNS leak?
DNS leaks will (probably) not occur since "newer" versions of Firefox (~Torpark) correctly support socks4a or socks5. DNS will be handled remotely, hopefully, without leaks. ;)

I've set up MSN Messenger with Tor.
This will only hide your identity (assuming your id or messages don't give it up) while you are using MSN. Your conversations are not encrypted (once they leave from an exit node) and can be logged/viewed by governments/exit node operators/third parties. Only use tor with IM if you don't mind your texts being read by "others".

For encryption in Messenger, there's Secway's Simp Lite.
Although I have never tried this product I'd advise against using it. There are free (libre) alternatives available. You may want to look in to ScatterChat (http://scatterchat.com/), which is released by Hacktivismo (http://hacktivismo.com/). ScatterChat, which is built on top of Gaim, has tor built in and supports IM encryption for AIM, ICQ, Yahoo!, and MSN. There are conflicting reports on whether ScatterChat supports message encryption for Jabber.

Uwe, I have been using Tor

Uwe, I have been using Tor awhile now.

Do you know of a linux distro that anonymizes everything worthwhile, for example, web browsing (would include Tor), email (not sure how), chat (not sure how), skype or skype clone (again, not sure how).

Thanks in advance.

Hi, the closest thing to

Hi,

the closest thing to what you want is probably the Anonym.OS LiveCD. I don't know about other efforts in that direction.

Email: Anonymous remailers.
Chat: You can anonymize IRC with Tor (xchat, irssi). Ditto for ICQ (gaim).
Skype: No idea, sorry. Skype sucks anyways, as it's proprietary ;)

Uwe.

tor Skype using Proxychains

You can tor Skype by using Proxychains: http://ubuntuforums.org/showthread.php?t=419528

Essentially, you're substituting FreeCap with Proxychains, same concept, different application.

Sorry not for linux but

Sorry not for linux but tor-ing skype can be done on pc:

FreeCap is used to send skype through privoxy and tor. It does work.

http://torandskype.blogspot.com/

Not meant for privacy

It seems like there's a slight misunderstanding here. This setup is not going to anonymize all of your Skype telephony traffic, but will only allow you to tunnel connections to the Skype servers through Tor. As such, your peer-to-peer traffic will not be anonymized, and even your telephony traffic to the Skype servers may be unencrypted. You just fake your IP address towards the Skype authentication server, that's all.

SOCKS Proxy in KDE

Hi Uwe!

You can easily torify KDE applications by configuring a SOCKS proxy in kcontrol. To do this you also need to install the package dante-client. Then edit /etc/dante.conf to route everything over the tor SOCKS server (e.g. localhost:9050). After this just activate the SOCKS support in the proxy settings of kcontrol. This anonymizes kopete and friends.

Thanks for the tip. I'm not

Thanks for the tip. I'm not sure whether this leaks DNS, you'd have to check that...

Can you please add this information to the Torify HOWTO?

Thanks, Uwe.

KDE Socks...

No, this doesn't leak DNS info as far as I can tell.

Kopete via TOR

The possibility can't be ruled out though:
http://bugs.kde.org/show_bug.cgi?id=122898

It seems Kopete doesn't heed KDE's SOCKS settings.

Thanks, Steve :) There are

Thanks, Steve :)

There are way too many little pitfalls involved with using Tor right now. In order to be usable by newbies or completely non-computersavvy people, it has to get a lot simpler and more foolproof, I think...

Uwe.

using tor after proxy

I am reaching the internet via a proxy. Can you tell me how I can configure my proxy settings?

tor and linux

There is a guide about using Tor with Linux:
http://gentoo-wiki.com/HOWTO_Anonymity_with_Tor_and_Privoxy
I found this link on http://www.anonymity.ws
Good directory.

Proxy and Tor

Check out this section of the Tor FAQ. I've never done this myself, but it sounds like it should work just fine...

Uwe.