HOWTO use the Internet anonymously using Tor and Privoxy
The basic setup
First, install the needed software.
Fedora Core / Debian / Ubuntu apt-users:
apt-get install privoxy tor
emerge net-misc/tor net-proxy/privoxy
Add this to /etc/privoxy/config (anywhere, the end of the file is always good):
forward-socks4a / localhost:9050 .
Replace localhost with the IP if you plan on running Tor on another server on your local network (like your firewall):
forward-socks4a / 192.168.1.20:9050 .
That is actually all you need, now you can start privoxy:
And perhaps make it start at boot?
chkconfig privoxy on
rc-update add privoxy default
The default configuration example is setup to run Tor in client mode and works out-of-the-box:
cp /etc/tor/torrc.sample /etc/tor/torrc
Change "SocksBindAddress" and set a "SocksPolicy" if you want to connect to the Tor service from another computer:
..and now all you need to do is to start Tor:
Shell programs like wget, lynx and curl will read the shell's proxy variables (if any) and use them. You likely want to set these variables:
There is a nice shell script which sets a few aliases available at shellscripts.org: Shell Aliases and functions for tor.
Set the web browsers http proxy to use privoxy (host: 127.0.0.1 port: 8118)
- Under Firefox, go to the Edit menu -> Preferences -> General -> Connection (also see an extension for Firefox below)
- Under Opera, go to the Tools menu -> Preferences -> Advanced -> Network -> Proxy Servers
- Under Konqueror, go to the Settings menu -> Configure Konqueror. Scroll down to Proxy. Click Manually specify the proxy settings and then click Setup
Make sure you specify that your browser must use Tor for all protocols. Tor does not work for ftp, but if you do not ask your browser to use Tor for ftp anyway then a website which loads an image using ftp will still log your location. (How do I use my browser for ftp with Tor?)
Use the "torify" wrapper to start irssi:
- Go to the Tools menu, select Accounts
- Select the IM protocol you want to anonymize
- Click Modify
- Click Show more options
- Under Proxy Options select proxy type SOCKS 5
- Enter 127.0.0.1 for the host
- Enter 9050 for the port
- Leave user/pass field blank
Settings -> Preferences -> Network -> Network Setup.
Then enter 127.0.0.1 and port 9050 in the "Proxy Server" settings.
You can telnet to Tor's control port and enter commands.
- "signal newnym" will make Tor switch to clean circuits, so new application requests don't share any circuits with old ones.
- "getinfo circuit-status" will show what circuits are open and used.
Using the same exit for persistant connections
Some websites will log you out if you re-visit (while loggined in using a cookie to identify you) from a different IP. Tor has a feature called long lived ports. You could add the following to torrc to make connections to given ports use the same circut for a long period of time:
A good alternative to LongLivedPorts is to use MapAddress for given sites. It allows you to make sure every connection to a given site goes through the same connection. This is also a good option if you need given sites to be visited from a given country.
MapAddress www.nsa.gov www.nsa.gov.nadia.exit
will make all visits to www.nsa.gov always use the edit node nadia, which is located in the US. There are anonymity issues with this; if you're the only one using it then www.nsa.gov can at least figure out that it's the same guy who's visiting when connections are coming from that exit node.
Make Tor act faster
It is also possible to make Tor connections seem faster by setting CircuitBuildTimeout. Setting this number lower than the default (60 seconds) makes Tor give up and try other paths if it takes longer than the limit to build a circut. A circut which takes 50 seconds to build will be slower than a circut that takes 15 seconds to build. For example, you could set:
However, it must be mentioned that you will be using a whole lot more different servers if you allow circuts who take 50 seconds to build than if you set the limit to 10 seconds. There isn't much solid research on exactly how this impacts traffic analysis resistance, but you're - generally speaking - better off using a lot of slow servers than a few fast ones.
Discontinued (outdated) Tor GUIs: