Francois Marier: Things that work well with Tor
Tor is a proxy server which allows its users to
hide their IP address from the websites they connect to. In order to provide
this level of anonymity however, it introduces latency into these
connections, an unfortunate performance-privacy trade-off which means that
few users choose to do all of their browsing through Tor.
Here are a few things that I have found work quite well through Tor. If
there are any other interesting use cases I've missed, please leave a comment!
Tor setup
There are already great docs on how to
install and configure the Tor server
and the only thing I would add is that I've found that having a Polipo proxy
around is quite useful for those applications that support HTTP
proxies but not SOCKS proxies.
On Debian, it's just a matter of installing the
polipo package and then
configuring it as it used to be recommended by the Tor project.
Tor setup
There are already great docs on how to
install and configure the Tor server
and the only thing I would add is that I've found that having a Polipo proxy
around is quite useful for those applications that support HTTP
proxies but not SOCKS proxies.
On Debian, it's just a matter of installing the
polipo package and then
configuring it as it used to be recommended by the Tor project.
RSS feeds
The whole idea behind RSS feeds is that
articles are downloaded in batch ahead of time. In other words, latency
doesn't matter.
I use akregator to read blogs and the
way to make it fetch articles over Tor is to change the
KDE-wide proxy server using systemsettings
and setting a
manual proxy of localhost
on port 8008
(i.e. the local instance of
Polipo).
Similarly, I use podget to automatically
fetch podcasts through this cron job in /etc/cron.d/podget-francois
:
0 12 * * 1-5 francois http_proxy=http://localhost:8008/ https_proxy=http://localhost:8008/ nocache nice ionice -n7 /usr/bin/podget -s
Prior to that, I was using
hpodder and had the following in
~/.hpodder/curlrc
:
proxy=socks4a://localhost:9050
GnuPG
For those of us using the GNU Privacy Guard to exchange
encrypted emails,
keeping our public keyring up to date is important since it's the only way
to ensure that
revoked keys
are taken into account. The
script I use
for this runs once a day and has the unfortunate side effect of revealing the
contents of my address book to the keyserver I use.
Therefore, I figured that I should at least hide my IP address by putting
the following in ~/.gnupg/gpg.conf
:
keyserver-options http-proxy=http://127.0.0.1:8008
However, that tends to makes key submission fail and so I created a key
submission alias in my ~/.bashrc
which avoids sending keys through Tor:
alias gpgsendkeys='gpg --send-keys --keyserver-options http-proxy=""'
Instant messaging
Communication via XMPP is another use
case that's not affected much by a bit of extra latency.
To get Pidgin to talk to an XMPP server over Tor,
simply open "Tools Preferences" and set a SOCKS5
(not Tor/Privacy
)
proxy of localhost
on port 9050
.
GMail
Finally, I found that since I am
running GMail in a separate browser profile,
I can take advantage of GMail's excellent caching and preloading and run the
whole thing over Tor by setting that entire browser profile to run its
traffic through the Tor SOCKS proxy on port 9050
.
systemsettings
and setting a
manual proxy of localhost
on port 8008
(i.e. the local instance of
Polipo).
Similarly, I use podget to automatically
fetch podcasts through this cron job in /etc/cron.d/podget-francois
:
0 12 * * 1-5 francois http_proxy=http://localhost:8008/ https_proxy=http://localhost:8008/ nocache nice ionice -n7 /usr/bin/podget -s
Prior to that, I was using
hpodder and had the following in
~/.hpodder/curlrc
:
proxy=socks4a://localhost:9050
GnuPG
For those of us using the GNU Privacy Guard to exchange
encrypted emails,
keeping our public keyring up to date is important since it's the only way
to ensure that
revoked keys
are taken into account. The
script I use
for this runs once a day and has the unfortunate side effect of revealing the
contents of my address book to the keyserver I use.
Therefore, I figured that I should at least hide my IP address by putting
the following in ~/.gnupg/gpg.conf
:
keyserver-options http-proxy=http://127.0.0.1:8008
However, that tends to makes key submission fail and so I created a key
submission alias in my ~/.bashrc
which avoids sending keys through Tor:
alias gpgsendkeys='gpg --send-keys --keyserver-options http-proxy=""'
Instant messaging
Communication via XMPP is another use
case that's not affected much by a bit of extra latency.
To get Pidgin to talk to an XMPP server over Tor,
simply open "Tools Preferences" and set a SOCKS5
(not Tor/Privacy
)
proxy of localhost
on port 9050
.
GMail
Finally, I found that since I am
running GMail in a separate browser profile,
I can take advantage of GMail's excellent caching and preloading and run the
whole thing over Tor by setting that entire browser profile to run its
traffic through the Tor SOCKS proxy on port 9050
.
keyserver-options http-proxy=http://127.0.0.1:8008
alias gpgsendkeys='gpg --send-keys --keyserver-options http-proxy=""'
SOCKS5
(not Tor/Privacy
)
proxy of localhost
on port 9050
.