Tor

Tor is an onion routing internet anonymity system.

Emerge
Install :

Configuration
Tor ships with a minimal configuration in so that it works out of the box:

OpenRC
To start immediately:

To start the tor service on system boot, add it to the default runlevel:

Systemd
To start immediately:

To start the tor service on system boot:

Emerge messages
* Messages for package net-misc/tor-0.2.3.25:

* We created a configuration file for tor, /etc/tor/torrc, but you can * change it according to your needs. Use the torrc.sample that is in * that directory as a guide. Also, to have privoxy work with tor * just add the following line * * forward-socks4a / localhost:9050. * * to /etc/privoxy/config. Notice the. at the end!

Firefox
Edit > Preferences

Advanced > Network > Settings manual proxy configuration: http proxy          port: 0 ssl proxy           port: 0 ftp proxy           port: 0 socks host 127.0.0.1 port: 9050 check SOCKS v4 No Proxy for: localhost, 127.0.0.1

'SOCKS v4' is actually SOCKS 4a internally. SOCKS v5 needs more configuration for safe DNS, explained here.

Type into the URL textbox and set the following:

network.proxy.socks_remote_dns   true network.dns.disablePrefetch      true network.dns.disableIPv6          true

This way Firefox will resolve host names via tor, which prevents DNS leaks.

media.peerconnection.enabled   false

This prevents leaking the system ip address through WebRTC requests.

xombrero
Edit by adding the following lines:

Optionally, it is possible to set different string values to the user_agent and http_accept variables. There are two files with user_agent string and http_accept headers in xombrero source code folder: user-agent-headers and http-accept-headers. These strings can be easily selected and added to the {Path|.xombrero.conf}} file with the following commands:

DNS
Some applications may leak DNS requests. The easiest way to check if this really happens is to look at system logs.

If an application is configured correctly, nothing shows in the logs. Below is an example of a message for a misconfigured application (or for a webpage that stores links in form of IP addresses):

Oct 14 14:44:44 localhost Tor[666]: Your application (using socks5 to port 80) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.

In order to check how this works, one needs to give an application an IP address instead of a domain name, retrieved by running the tor-resolve command for example.

TORDNS Resolver
Tor can work like a regular DNS server, and resolve the domain via the Tor network. A downside is that it is only able to resolve DNS queries for A-records. MX and NS queries are never answered.

To enable built-in DNS forwarder add the following lines to the /etc/tor/torrc file and restart the daemon:

Then to prevent leak DNS requests make ONLY TORDNS default DNS resolver of you system in /etc/resolv.conf:

If you use dhcpd you would need to change its settings in /etc/dhcpcd.conf to that it does not alter the resolv configuration file:

If you use pppoe you would need to change its settings in /etc/ppp/pppoe.conf to that it does not alter the resolv configuration file:

And finaly redirect ALL DNS request on you system from port 53 to 127.0.0.1:9053 where TORDNS listen for requests. Redirect to the local (torified) nameserver any DNS connection left:

Disabling non-tor traffic
The following iptables rules will prevent non-Tor traffic leaving the host and disable all new connections from outside in case if the host must be configured as a Tor client:

TOR and firewall
If you want allow TOR use only spacial addresses you can specify it. For example our firewall allow outgoing connection only through https (443) port, so add to /etc/tor/torrc:

Torify
For applications which do not support the use of proxies or Tor, you can use the "torify" command to force their traffic through the Tor network. (e.g. - or ).

Transparent Tor Proxy
Tor can work like a transparent proxy. It's best way of using Tor!

To enable built-in transparent proxy add the following lines to the /etc/tor/torrc file and restart the daemon:

And finaly redirect ALL non tor owned outgoing trafic to TOR transparent proxy:

Stream isolation
Accessing a site of a small town where you are the only one user of Tor would greatly increase attacker's chances to find you. Other examples include mixing gpg traffic with the traffic of a web browser or mixing irssi circuits with the circuits of a bitcoin wallet. In all cases an exit node can make correlation between separate activities. So, sometimes it's necessary to have a few different anonymity modes. Stream isolation provides an easy way to separate different Tor circuits and make different applications use isolated streams. In order to use stream isolation, add as many socks ports as necessary in torrc.

Configure the applications to point to different socks ports. All requests made to different socks ports will then pass through different Tor circuits and get different exit nodes. Sometimes Tor will only use a different entry guard or middle relay, though. This behavior is considered normal.

Rules for TOR circuits
man tor give us god explanation of various useful options. If you wont go away from ECHELON you probably wont add to /etc/tor/torrc:

StrictNodes =1 together with ExcludeNodes {au}, {ca}, {gb}, {nz}, {us} will completely exclude TOR nodes from that country, but we also disallow connection to TOR hidden services located there. So it is bater comment ExcludeNodes or set StrictNodes =0. Also we mark NodeFamily {au}, {ca}, {gb}, {nz}, {us} all that nodes as "single administration" by Five Eyes. Directive NodeFamily can be used multiple times.

EntryNodes and ExitNodes can be used to select spacial nodes for entering end exit from TOR network respectively.

Instead of country codes you can use IP4, IP6 addresses and subnets.

Run TOR in SandBox
TOR has own sandbox futures. It may give more protection of your system when TOR is compromised. To turn it on add to /etc/tor/torrc:

Setting up a hidden service
Setting up a tor hidden service is easy.

All you need to do is add 2 lines to the configuration file, and make sure your permissions are correct for the data directory.

The first line tells Tor to insert the public and private keys into the directory specified.

The next line tells Tor to direct traffic on hidden service port 80 to the IP and port specified.

You will need to make sure that the directory is owned and only readable/writable by tor, for example:

Simple command-line file downloading
The popular wget utility cannot talk to socks proxy. However, you can use the tor network to download any resource located at a given URL and save it in a FILE using :

The --socks5-hostname means that hostnames are resolved via tor instead of your system's DNS resolution, thus preventing DNS leaks.

If you don't have curl on your system, you can just emerge net-misc/curl.

Portage
You can configure Portage to sync its tree and fetch packages via tor. Add the following to :

All the extra quoting is necessary. Have a look at "man curl" for more customization options.

Curl doesn't follow 302 redirect by default (cf. ). Pass -L to enable that behaviour.

cannot be used to update the Portage tree via tor, because rsync cannot use socks proxy. In order to sync the Portage tree via tor, use the command:

This fetches the portage tree snapshot over http. The added advantage is that you can configure emerge-webrsync to additionally verify the cryptographic signature of the portage tree, which cannot be achieved when using. Such verification is explained in the Gentoo Handbook.

Installing or updating is done as usual, e.g.:

Check if using Tor
Visit: https://check.torproject.org/

There is a lots of site in Internet for testing your anonymity. One of the best is whoer.net. Another nice one: ipleak.net. To hide more information, you can try disable: Javascript, Flash, Java, ActiveX, WebRTC. For hide HTML headers use Random Agent Spoofer and/or net-proxy/privoxy. Some mozila addons also may keep you privacy Request Policy, Privacy Badger and others...

Checking for network leaks
Tor is a great tool for enhancing your privacy in many situations. Unfortunately, it is a common misconception that it makes you always 100% anonymous. Unfortunately it's not so. Let's have a brief look at how our privacy has changed now that we have tor up and running.

Local network admin or ISP
These people can no longer easily see which other hosts you contact.

However, this only works for programs which were configured to use tor and do not leak DNS requests. So remember that you might have some non-tor traffic due to other browsers, email, IRC, instant messenger, video conferencing, games, bittorrent, bitcoin, remote desktop, other machines NATing through your box, and all other network software.

Even though your ISP cannot see exactly what you do while using tor, they can still see that you USE tor, and WHEN and HOW MUCH you download and upload via tor. Let's say there is a website under an adversary's observation. The adversary can see that someone accessed it via tor to download 2670kB at 9:22AM, upload 340kB at 9:27AM and download 9885kB at 9:31AM. If it was you, your ISP can see that at these precise times your tor activity was almost the same size. Then if the adversary observing the website can also get your traffic summary from your ISP, it will be obvious for them that it was you accessing the website. Just a few timestamps like this can identify you as the user beyond any doubt. A solution is to have lots of tor traffic entering and leaving your system at all times. Therefore it is highly advisable to configure tor to also act as a relay.

Machine admin
If some other people have administrative privileges on your machine, or gain your or root's privileges through an attack, they can easily monitor all you do, type, and browse, as you do it, or later by inspecting your history, and it doesn't help at all that you use tor. Therefore, make sure to administer your system yourself and treat security as an important constituent of remaining anonymous.

Attackers with physical access
It's as easy to install e.g. a small hardware keylogger as it was before using tor, so no privacy gains here.

The websites/services you connect to
Perhaps surprisingly, you didn't gain almost any extra privacy by using tor. Let us consider the websites you browse. From their point of view the only thing that has changed about you is your IP address. However, the IP address has never been used as a very useful tool to track and spy on users. This is because the vast majority of Internet users either have a dynamic IP address or share one with a large number of other users. Therefore the parties interested in tracking and spying on you have developed amazingly advanced techniques to knowing who you are and what you do online without knowing your IP address. Some of the most obvious tracking techniques are:

- Cookies, supercookies, DOM/HTML5 storage. If you enable them, you can be very easily tracked. Solution: never ever enable cookies while using tor.

- Browser fingerprinting. Your browser is sending huge amount of information about your system to any website you visit, making you uniquely identifiable. For an illustration, visit panopticlick.eff.org. As a note, this is true not only for browsers, but for other protocol clients as well. Solution: you may try some privacy plugins for your browser, or a special privacy-oriented browser.

- JavaScript or other browser-native scripting. Scripts running in the browser can gather enormous amount of information about your system, making you uniquely identifiable. For an example, open your browser's JS developer tools (F12 in Firefox) and have a look at the 'navigator' built-in variable. Also whenever you type, websites can monitor the precise timing of your keystrokes to create your typing fingerprint. Such a fingerprint is very unique and if compared with your known typing fingerprint, it can identify you as the user. The same goes for mouse movements over the browser window as you browse. Solution: disable JavaScript in your browser.

- Java. Many orders of magnitude worse than JavaScript. A signed Java applet has access to your filesystem, and can read and write files without asking for permission. It can also figure out your real IP (that's what we tried to hide with tor), create sockets, or send your files to some server without your knowledge. Solution: under no circumstance install Java for your browser.

- Flash. Similar to Java, but in practice it's a bigger threat simply because so many websites require Flash, which forces many users to install it. It's just as large privacy threat as Java. Solution: under no circumstance install Flash. Beware, some browsers could come with Flash preinstalled, avoid those.

- Geolocation. Websites can ask the browser to provide your geographic location. Solution: disable geolocation in your browser.

- HTTP headers. Some headers like Referer or ETag are used to track you as you browse between various websites. Solution: Referer header can be disabled in Firefox in about:config, by setting network.http.sendRefererHeader to 0. FIXME: Any ETag solutions?

- Login. As soon as you log in to any service, your whole anonymity is gone and your tor connection becomes identified as yours. Solution: Never ever log in to web mail, social network, or any other website while using tor. It might be a better idea to run another browser not via tor for the websites where you need to log in. Never use the same browser for both tor and non-tor traffic.

- Browsers' bugs. Browsers have a lot of bugs that reduce or eliminate your privacy, and people who track and spy on you use them. Examples include a search giant using cookie preferences bug to set cookies even though disabled, or recent Chrome's bug that allows a website to access your microphone and monitor what you say: http://tech.slashdot.org/story/14/01/22/2156235/chrome-bugs-lets-sites-listen-to-your-private-conversations

This list is by no means exhaustive.

As you can see, just these most obvious techniques allow a website to easily identify you, no matter what your IP address appears to be.

Tips
Here are some tips to remain anonymous while using tor:

- Advertisers and social media. This is by far the most widespread privacy threat faced on the web, simply because of the coverage. Almost all popular websites display ads from some giant ad provider. Similarly most websites include small pieces of code from many social networks, e.g. to display the "like" buttons, microblogging links, "login with FooBar" authentication dialogs, etc. This means that these few Internet giants have their code injected into almost any website people visit. This way they can easily track and spy on anyone visiting almost any website. Some other institutions are known to tap into this tracking/spying datastream. It's relatively difficult to eliminate this threat. Most of the ads can be blocked by an ad blocking browser plugin. Similarly, plugins may exist for your browser, which eliminate social network components, external authentication, and other third-party content.

- Browsers' extensions. Some of the extensions that can be installed in browsers can in fact track you. E.g. social network integration plugins, extensions that observe your browsing, etc.

- Browsers' usage statistics. Some browsers gather info about your browsing habits and send them to the developers. In Firefox this can be disabled in Preferences > Advanced > Data Choices.

- Custom links. Let's say a friend uses a website to invite you to do something. Then the website sends you an email with a link like this: website.domain/enGm7IKS. By opening the link, your tor connection has been identified to be yours, because the enGm7IKS part is unique for your email address.

- Tor attacks. There are a number of known attacks that can detorify you. E.g. if the adversary controls both your entry and exit node for tor network, they could after some time correlate your common activities and figure out who you are.

- Sometimes just the fact that you use tor makes you quite special: http://yro.slashdot.org/story/13/12/18/047246/harvard-bomb-hoax-perpetrator-caught-despite-tor-use

Remember, some institutions having smart people and billions of dollars at their disposal are in the business of tracking and spying on you. This includes oppressive regimes, advertising giants, social networks, etc. The revelations coming from whistle-blowers have shown us the extent of some of the current surveillance. If you want to protect your privacy and remain anonymous, you have still a lot to do. Remain extra-paranoid. Above all please educate yourself about how the tor network works, what are the common problems, and what could be done to prevent it. Also, read about some recent government attacks on the tor network. In some countries most tor nodes might be run by an adversary. Also, read about browser fingerprinting and what could be done to prevent it. Find out about other non-tor-related privacy attacks. The privacy war will be a life-long one against giant opponents, and you are never done. Welcome aboard and good luck.