Gentoo Forums
Anonymous web browsing / instant messaging etc.

Pythonhead
Developer

Joined: 16 Dec 2002
Posts: 1801
Location: Redondo Beach, Republic of Calif.

Posted: Wed Dec 22, 2004 11:42 pm    Post subject: Anonymous web browsing / instant messaging etc.

In this HOWTO I'll explain how you can browse the web anonymously* by using tor and privoxy with Gentoo.

Tor can also be used to make other network clients (instant messaging, usenet, etc) act anonymously. I will also explain how to make servers on your machine available anonymously through Tor's "hidden services" mechanism.

If you have concerns about aiding infidels, puppy-jugglers or child pornographers, please understand that running a tor client does not require you to operate a node in a p2p network.

*Note: You'll need to disable javascript and java in your browser if you'd like to be as anonymous as possible. See Tor's homepage http://tor.eff.org/ for more information.

Browsing the web anonymously:

As root:
Code:
emerge net-misc/tor
emerge www-proxy/privoxy

Add this line to /etc/privoxy/config
Code:
forward-socks4a / localhost:9050 .

You can put that line at the top of the file, but line 1010 looks like the right place.
Start privoxy:
Code:
/etc/init.d/privoxy start


Copy the tor sample rc file. There is no need to edit for regular operation:
Code:

cp /etc/tor/torrc.sample /etc/tor/torrc


Start tor:
Code:
/etc/init.d/tor start


If you want to start tor with every boot (probably not):
Code:
rc-update add tor default


Configure your web browser's http proxy to point to:
host: 127.0.0.1 port: 8118
(Under Firefox, go to the Edit menu/Preferences/General/Connection)
You should also set your SSL proxy to the same thing, to hide your SSL traffic.

You are now browsing anonymously.

To test it, go to this site and see what ip it reports as your own:
http://peertech.org/privacy-knoppix/

You can use network clients enabled with SOCKS in a similar way.

How to use Gaim, any protocol (Yahoo, Aim etc.) with tor:

Make sure you have privoxy and tor running as explained above.

In Gaim, go to the Tools menu, select Accounts. Select the IM protocol you want to anonymize, click Modify.
Click 'Show more options'
Under 'Proxy Options' select proxy type SOCKS 5
Enter 127.0.0.1 for the host
Enter 9050 for the port
Leave user/pass blank

No idea how to test this except to have a friend tell you what your ip is. The above method will work with any network client that is capable of SOCKS proxy, such as x-chat, irssi, Azureus etc.

Offering hidden services

A hidden service is a server on your computer that you make available via tor with a .onion top level domain.

A website offered through a hidden service looks like this:
http://6sxoyfb3h2nvok2d.onion/tor/SocatHelp

You can offer hidden services while tor is running as a client or server.

To make your web server available anonymously, edit ~/.tor/torrc and in the hidden services portion add these lines:

Code:
HiddenServiceDir ~/apache_hidden/
HiddenServicePort 80 127.0.0.1:80


Now create ~/apache_hidden and start tor. Look in the file ~/apache_hidden/hostname for the .onion address you want to publish.

Using tor and privoxy makes offering hidden services for web servers easy, but what if you want to make a non-http service available?

Say you have a mud server running on port 5454 and want to make it available as a hidden service. Follow the above steps, creating a directory named ~/mud_hidden/ instead.

To get to your mud people would use the address 34vss3f3tohrri.onion:5454
But telnet can't use the .onion namespace so we need to use socat.

Code:
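emerge net-misc/socat
# Listen locally on 2222 and relay through tor's SOCKS port (9050) to the hidden service.
# The port after the .onion name must be the one the hidden service publishes (5454 here).
socat TCP4-LISTEN:2222,fork SOCKS4A:localhost:34vss3f3tohrri.onion:5454,socksport=9050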


Now you can test it by telnet'ing to localhost:2222
Do this from another machine to verify it's working anonymously.

Note: All of the above steps will enable tor to be used as a client only. In other words you won't be a node and using 20 gigabytes of bandwidth per month, just what you'd normally use by surfing the web.

Todo: Browsing through Tor is a little slow and not necessary for daily use by most. It'd be nice to have a script that starts privoxy, tor, then Firefox with a config that has the proxy set to 127.0.0.1:8118, then shuts it all down when you exit Firefox. For now you can tell privoxy to stop working but not quit, so you don't have to reconfigure your web browser by bookmarking one of the listed bookmarklets:
http://config.privoxy.org/toggle

Tip: To make apps that use http such as wget, lynx, curl etc. use tor automagically, put this in your .profile, or .bashrc etc:
Code:

http_proxy=http://127.0.0.1:8118/
HTTP_PROXY=$http_proxy
export http_proxy HTTP_PROXY

This is probably a dumb idea for most people, since it will slow down wget when used by emerge. Not good!

Troubleshooting: The above steps should work for most machines. If you have strict firewall rules you'll need to allow local connections to port 8118 and port 9050. If your firewall blocks outgoing connections, punch a hole so it can connect to TCP ports 80, 443, and 9001-9033.


Last edited by Pythonhead on Sat Mar 12, 2005 6:18 am; edited 17 times in total
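
A check for the Privoxy step of the HOWTO above, added here as an example and not part of the original post: it reports whether the last active catch-all forwarding rule in a Privoxy config really sends traffic to Tor's SOCKS port with hostname resolution left to the SOCKS side. The function name `audit_privoxy_forward` and its verdict words are made up for illustration; it relies on Privoxy's documented behaviour that forwarding rules are checked in sequence with the last match winning, and that `forward-socks4` resolves hostnames locally.

```shell
#!/bin/sh
# Added example: audit a Privoxy config for the catch-all Tor forwarding rule.
# The function name and verdict words are made up for this illustration.

# audit_privoxy_forward FILE [TOR_SOCKS_PORT]
# Prints one verdict and returns 0 only when the verdict is "ok":
#   ok              last catch-all rule sends traffic to Tor, DNS resolved remotely
#   dns-leak        forward-socks4: Privoxy resolves hostnames itself, outside Tor
#   direct          last catch-all rule is a plain "forward", so Tor is bypassed
#   wrong-endpoint  SOCKS target is not the local Tor port
#   missing         no active catch-all forwarding rule at all
audit_privoxy_forward() {
    _conf=$1
    _port=${2:-9050}
    [ -r "$_conf" ] || { echo unreadable; return 2; }
    _verdict=$(awk -v port="$_port" '
        { sub(/#.*/, "") }                    # strip comments
        NF < 3 { next }                       # need directive, pattern, target
        { d = tolower($1) }
        d !~ /^forward(-socks(4|4a|5|5t))?$/ || $2 != "/" { next }
        { kind = d; target = tolower($3) }    # last match wins in Privoxy
        END {
            local_tor = (target == "localhost:" port || target == "127.0.0.1:" port)
            if (kind == "")                    print "missing"
            else if (kind == "forward")        print "direct"
            else if (kind == "forward-socks4") print "dns-leak"
            else if (!local_tor)               print "wrong-endpoint"
            else                               print "ok"
        }' "$_conf")
    echo "$_verdict"
    [ "$_verdict" = ok ]
}

# Constructed sample: the HOWTO rule followed by a later catch-all that undoes it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# forward-socks4 / localhost:9050 .    (commented out, ignored)
forward-socks4a / localhost:9050 .
forward / .
EOF
audit_privoxy_forward "${1:-$sample}" || echo "check the forward rules in ${1:-$sample}"
rm -f "$sample"
```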

Deranger
Veteran

Joined: 26 Aug 2004
Posts: 1215

Posted: Thu Dec 23, 2004 12:25 am

This is pretty nice, I am going to try this with DC++ and Firefox...I will report how it goes :P

Thanks for this tip, Pythonhead!

Greven
Tux's lil' helper

Joined: 28 Jul 2002
Posts: 138

Posted: Thu Dec 23, 2004 12:44 am

Post this on the Gentoo-wiki. The forums fill up too fast, and this is a great tip.
_________________
veritas vos liberabit...
Linux User Number: 346805
Wine-Wiki
AMD 64 3500+ | MSI "K8T NEO2-FIR" | mushkin Dual Channel DDR 400

ewan.paton
Veteran

Joined: 29 Jul 2003
Posts: 1219
Location: glasgow, scotland

Posted: Fri Dec 24, 2004 7:15 am

Whenever I add forward-socks4a / localhost:9050 . into the config I get an error connecting to any website and a bunch of privoxy options. I read tor had been on Slashdot and was wondering if they were down.

Edit: ignore me, I thought it was either as root or user, not both, that needed to be done.


Last edited by ewan.paton on Sun Dec 26, 2004 3:56 pm; edited 1 time in total

TecHunter
Tux's lil' helper

Joined: 15 Feb 2003
Posts: 124

Posted: Fri Dec 24, 2004 10:37 am

Good howto.
But does anyone know how to supply anonymous service for the computers in the LAN on the gateway?
_________________
Gentoo is GREAT!!!

Eejay
n00b

Joined: 12 Nov 2004
Posts: 13
Location: California

Posted: Sun Dec 26, 2004 1:45 am

Does this method work with SUSE Linux 9.2 professional edition along with a KDE/Konqueror web browser?
I know this forum's for people who use Gentoo Linux, but everyone keeps telling me that Gentoo Linux would be too difficult for me to use and recommended SUSE Linux.

I went through life living hell installing SUSE Linux so I don't want to make any mistakes and have to go through the nightmare of having to install SUSE again.
_________________
Eejay

troworld
Tux's lil' helper

Joined: 20 Dec 2003
Posts: 95
Location: ON, CA

Posted: Sun Dec 26, 2004 5:04 am

I just posted this article at Gentoo Wiki with some additions/changes. You may have to refresh the page a few times to get to the article, since the wiki is suffering from some weird problem, where all links get you to a random page the first few times you try them.

prolific
Apprentice

Joined: 19 Apr 2002
Posts: 237

Posted: Sun Dec 26, 2004 10:55 am

ok i tried tor with a few irc servers ... it works but i get banned from the irc servers and get a msg saying forward dns doesn't match reverse dns .... if anyone finds an EFNET server that allows tor to go through, post here .. :)

elabdel
n00b

Joined: 19 Apr 2004
Posts: 71
Location: France

Posted: Tue Dec 28, 2004 8:10 am

Hello and thank you for this topic

Now I can browse the web anonymously, but some targets (ports) which were closed or hidden are now opened.
http://www.auditmypc.com/freescan/scanoptions.asp

How could I hide targets with a firewall and what firewall is easy to use?

zephyr1256
Apprentice

Joined: 10 Mar 2003
Posts: 170
Location: Kingsport, TN

Posted: Mon Jan 10, 2005 12:42 am

Works very well for me, not too slow, and I can browse the regular internet anonymously, unlike freenet (which was way too slow, has been known to produce so much traffic it caused my soho router to reset, and didn't help with anonymity on the internet in general).

Almost perfect. Almost, the one problem is that some secure login sites do not work if you are using tor. Simple enough, I can use another browser for those sites and have the best of both worlds.

edit: Another odd thing I've noticed, when using the proxy, is that google usually thinks I'm from some other country because it regionalizes based on location of the detected ip of the client. Search still works, but it may alter the results, and certainly results in me seeing stuff in different languages on the google site. Fortunately the links it returns so far are usually English language sites, so it's still usable.
_________________
The Congress shall have power...To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries; --U.S. Constitution. Article 1, Section 8.

Joseph_sys
Advocate

Joined: 08 Jun 2004
Posts: 2712
Location: Edmonton, AB

Posted: Fri Jan 14, 2005 8:23 pm

Code:
$ /usr/bin/tor -f  ~/.tor/torrc


Do I need to start tor as user and run it in a background?

When I start it as user it doesn't return to command prompt.
Do I need to start it in a background?
Does anybody know how to add this code to one of the Firefox profiles?

troworld
Tux's lil' helper

Joined: 20 Dec 2003
Posts: 95
Location: ON, CA

Posted: Fri Jan 14, 2005 8:36 pm

To run that command in the background, add a "&" at the end, so:
Code:
$ /usr/bin/tor -f  ~/.tor/torrc &

I don't use Firefox, so I don't know how profiles work, but you could always write a two-line bash script that would contain the above tor line and the firefox command. Then you could run that script instead of /usr/bin/firefox (or whatever it is in your case).

Pink
Veteran

Joined: 24 Jul 2003
Posts: 1062

Posted: Fri Jan 14, 2005 8:40 pm

nm: read it again and found the obvious answer :oops:

Master One
l33t

Joined: 25 Aug 2003
Posts: 754
Location: Austria

Posted: Sat Jan 15, 2005 10:42 am

That's pretty amazing, just doing some tests with tor in client mode on a local proxyserver (lan -> squid -> privoxy -> tor -> inet), which works pretty impressively fast.

BTW There is an option in the torrc to have it run in daemon mode, so no need to start it with '/usr/bin/tor -f ~/.tor/torrc &'.

Why is there no init script for this software?
_________________
Las torturas mentales de la CIA

Master One
l33t

Joined: 25 Aug 2003
Posts: 754
Location: Austria

Posted: Sat Jan 15, 2005 10:47 am

BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that?
_________________
Las torturas mentales de la CIA

etnoy
Apprentice

Joined: 29 Aug 2003
Posts: 255
Location: Västerås, Sweden

Posted: Sat Jan 15, 2005 8:49 pm

Master One wrote:
BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that?


I'd also like to know that.
_________________
The md5sum of the above post is 06280ccd85ef9deb49c336e7945f4b5c

God is dead! - Nietzsche
Nietzsche is dead! -God

Joseph_sys
Advocate

Joined: 08 Jun 2004
Posts: 2712
Location: Edmonton, AB

Posted: Sat Jan 15, 2005 9:21 pm

Master One wrote:
BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that?


It is not your IP that is exposed, it is an IP of the last box that connection went out to destination you specified, so you are not testing open ports on your box but the box that connection went out on.
Correct me anybody if I'm wrong.

etnoy
Apprentice

Joined: 29 Aug 2003
Posts: 255
Location: Västerås, Sweden

Posted: Sat Jan 15, 2005 10:42 pm

Joseph_sys wrote:
Master One wrote:
BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that?


It is not your IP that is exposed, it is an IP of the last box that connection went out to destination you specified, so you are not testing open ports on your box but the box that connection went out on.
Correct me anybody if I'm wrong.


I see that, but I also see the following:
Code:
Notice!

Our system detects your internal IP address as 192.168.0.12 and your external address as XX.XXX.XX.XXX  Your internal IP should be hidden whereas your external is always exposed.


So somehow they can detect my internal NATed IP. How to fix that?
_________________
The md5sum of the above post is 06280ccd85ef9deb49c336e7945f4b5c

God is dead! - Nietzsche
Nietzsche is dead! -God

Ohnodoctor
n00b

Joined: 02 Jun 2004
Posts: 17
Location: /home/

Posted: Sun Jan 16, 2005 3:12 am

I might also mention the Switchproxy Extension for Firefox. It lets you switch between multiple proxies from the status bar, so you don't have to keep changing it in Preferences.

amiatrome
Apprentice

Joined: 28 Jun 2004
Posts: 180
Location: Campus | Arena Country Club | Home

Posted: Sun Jan 16, 2005 3:24 am

Nice! This will come in very handy on my laptop. :wink:
_________________
blog | homepage | alias | prompts

Master One
l33t

Joined: 25 Aug 2003
Posts: 754
Location: Austria

Posted: Sun Jan 16, 2005 3:46 pm

Ohnodoctor wrote:
I might also mention the Switchproxy Extension for Firefox. It lets you switch between multiple proxies from the status bar, so you don't have to keep changing it in Preferences.

Quite interesting, but I only use Konqueror.
Is this a normal plugin, that can be used in Konqueror as well, or is there something similar especially for Konqueror?

BTW Does anybody have any experience with Azureus running over TOR? At the moment I am using mldonkey, but it has no SOCKS support (tried it with http_proxy connecting to my squid -> privoxy -> tor line, but this does not work at all). If someone could confirm, that Azureus is working fine with tor, it would be a great step forward in anonymous P2P usage, and I really would consider swapping from mldonkey to Azureus.
_________________
Las torturas mentales de la CIA

OverlordQ
n00b

Joined: 17 Jan 2005
Posts: 2

Posted: Mon Jan 17, 2005 6:15 am

etnoy wrote:
Joseph_sys wrote:
Master One wrote:
BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that?


It is not your IP that is exposed, it is an IP of the last box that connection went out to destination you specified, so you are not testing open ports on your box but the box that connection went out on.
Correct me anybody if I'm wrong.


I see that, but I also see the following:
Code:
Notice!

Our system detects your internal IP address as 192.168.0.12 and your external address as XX.XXX.XX.XXX  Your internal IP should be hidden whereas your external is always exposed.


So somehow they can detect my internal NATed IP. How to fix that?


Um, disable Java?

OverlordQ
n00b

Joined: 17 Jan 2005
Posts: 2

Posted: Mon Jan 17, 2005 6:16 am

Master One wrote:
Ohnodoctor wrote:
I might also mention the Switchproxy Extension for Firefox. It lets you switch between multiple proxies from the status bar, so you don't have to keep changing it in Preferences.

Quite interesting, but I only use Konqueror.
Is this a normal plugin, that can be used in Konqueror as well, or is there something similar especially for Konqueror?

BTW Does anybody have any experience with Azureus running over TOR? At the moment I am using mldonkey, but it has no SOCKS support (tried it with http_proxy connecting to my squid -> privoxy -> tor line, but this does not work at all). If someone could confirm, that Azureus is working fine with tor, it would be a great step forward in anonymous P2P usage, and I really would consider swapping from mldonkey to Azureus.


You shouldn't use Tor for Az since it mainly can't handle the traffic, but if you'd FGI, you'd come up with this link: http://azureus.sourceforge.net/doc/AnonBT/

sprite
Tux's lil' helper

Joined: 10 Jun 2003
Posts: 143
Location: Camarillo, California (USA)

Posted: Mon Jan 17, 2005 6:33 am

this is a badass guide =] and to top it off, the switchproxy plugin is incredible... thanks~

tag for reference..

Ateo
Advocate

Joined: 02 Jun 2003
Posts: 2021
Location: Republic of California

Posted: Mon Jan 17, 2005 7:52 pm

This is a great tip. However, it doesn't seem practical when browsing slows. I understand the original author said it's not practical for daily browsing.... So what's the point of this?

Also, I have found that I need to restart both the proxy and tor frequently in order to browse. Nonetheless, it does work. I have admin access to a phpbb forum and thus checked my IP. They are always different.