Proxy routing with Tor and Privoxy
From ArchWiki
Contents |
About
There might be some situations where you want to be completely anonymous while using Internet. One way to go about this is using Tor and Privoxy.
From Wikipedia, the free encyclopedia:
Tor is an implementation of second-generation onion routing - an anonymity system enabling its users to communicate anonymously on the Internet.
Users of the Tor network run an onion proxy on their machine. This software connects out to Tor, periodically negotiating a virtual circuit through the Tor network. Tor employs cryptography in a layered manner (hence the 'onion' analogy), ensuring perfect forward secrecy between routers. At the same time, the onion proxy software presents a SOCKS interface to its clients. SOCKS-aware applications may be pointed at Tor, which then multiplexes the traffic through a Tor virtual circuit.
Privoxy is a filtering proxy for the HTTP protocol, frequently used in combination with Tor. Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups, etc. It supports both stand-alone systems and multi-user networks.
Using privoxy is necessary because browsers leak your DNS requests when they use a SOCKS proxy directly, which is bad for your anonymity.
Installation and setup
First, go to http://whatsmyip.net/ and write down your IP address.
$ pacman -Sy tor privoxy
Edit your /etc/privoxy/config file and add this line at the end (be sure to include the . at the end and make sure to preserve the file owner and group as "privoxy"):
forward-socks4a / localhost:9050 .
Make sure your /etc/hosts is correctly set up. By default in Arch, "hostname" has the name "localhost" but you need to make sure it has the name you used in your /etc/rc.conf.
E.g. in the Arch default rc.conf HOSTNAME="myhost", so in /etc/hosts it should be:
#<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 myhost.localdomain myhost localhost
Add tor and privoxy to your DAEMONS array in /etc/rc.conf
DAEMONS=(syslog-ng ... privoxy tor)
Start them both with
# /etc/rc.d/tor start # /etc/rc.d/privoxy start
or restart your computer.
If errors appear when accessing /var/log/privoxy/, user can add the following after '/bin/bash' in /etc/rc.d/privoxy and then restart privoxy.
if [ ! -d /var/log/privoxy ] then mkdir /var/log/privoxy touch /var/log/privoxy/errorfile touch /var/log/privoxy/logfile chown -R privoxy:adm /var/log/privoxy fi
Tor and Privoxy in Firefox
The easiest way to do this is to use the Torbutton extension.
Alternatively, you can use SwitchProxy Tool. After restarting Firefox you will have a new toolbar. Click Add, select Standard proxy type. Choose whatever Proxy Label you want, e.g Tor. Enter into both the HTTP Proxy and SSL Proxy fields:
Hostname: 127.0.0.1 Port: 8118
This will point Firefox at Privoxy. You can also add exeptions in the No Proxy for field.
Now, return to http://whatsmyip.net/ and check so that your IP is diffrent from before.
Another Tor testing link
You can check that you are using Tor by pointing your browser to this address or this.
Tor and Privoxy in other applications
You can also use this setup in other applications like instant messaging, Jabber, IRC, etc.
Applications that support HTTP proxies you can point at Privoxy (127.0.0.1 port 8118).
To use SOCKS proxy directly, you can point your application at Tor (127.0.0.1 port 9050). A problem with this method though is that applications doing DNS resolves by themselves may leak information. Consider using Socks4A (e.g. via privoxy) instead.
Links
Tor - http://www.torproject.org/
Privoxy - http://www.privoxy.org/