Friday 26 September 2008

Anonymous browsing with Tor and Privoxy

The Onion Router which is most commonly known as Tor, is a wonderful tool for anonymizing your online activity. Tor consists of public proxies setup by trusted members of the Tor community, who allow other users to make use of their proxies to browse the web. In a typical Tor session, there are at least 3 proxies involved, making it very difficult to trace back any online activity to a single user. Furthermore, the communication between the client and the proxies are tunnelled in layers, providing protection against casual snooping as well.

Setting up Tor on Linux was surprisingly easy. Tor binaries are available in the Fedora repositories, so just simply type
sudo yum install tor

Once installed, invoke Tor by typing
tor

The Tor client will start up and attempt to establish a proxy chain. Once this is complete, it will start a SOCKS proxy on port 9050. To Torrify any application, you simply have to configure it to use the proxy server created by Tor at 127.0.0.1:9050.

If you want to completely anonymize your browsing, there's an additional step involved. Usually applications such as web browsers do not use the SOCKS proxy to tunnel DNS queries. This can lead to information leakage because anyone listening in can see by the DNS query that you're attempting to visit that certain site. Therefore even if your data is secure, your browsing history is not.

The simplest solution is to use a HTTP proxy such as Privoxy and configure it to use Tor. This way you can achieve quite a good level of anonymity online without any hassle.

Privoxy is also available in the repositories, so installation is a breeze.
sudo yum install privoxy
Afterwards, you need to configure it to forward requests through Tor.
sudo echo "forward-socks4a / 127.0.0.1:9050 ." >> /etc/privoxy/config
Start the Privoxy daemon by typing
sudo privoxy /etc/privoxy/config

Configure your browser to use an HTTP proxy at 127.0.0.1:8118 and restart it. If everything went smoothly, you're now browsing anonymously. The best way to see this in action is to open up www.google.com. Depending on the location of the Tor exit node, you will be served with a Google page for that specific region. For example, when I tried it, I was served the Google Denmark page because my Tor exit node was in Denmark. You can also use tools like http://whatismyipaddress.com/ to see how your IP has changed completely due to Tor.

The internet is a wild place. If you are worried about privacy, give Tor a spin. It's definitely a good tool to have handy.

2 comments:

Anonymous said...

Well, you don't get much control over TOR. Especially in cases where you want to beat stupid website limitations like a different output for different countries or download limits... In such cases I prefer to use proxy switcher Altho it's win32 appl...

JanuZ said...

ofcourse. Tor is purely for privacy and anonymity online. If you just want to fool a web app, a simple proxy is more than enough.