[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tor -- way OT

READ THE MANUALS  ;)  :P  (just kidding!)

Various steps

1  About vpn and reaching the tor gate, your ISP may be able to see that
you are reaching out to make a connection to the various gates/nodes and
you may not want that, as ISPs are passing all personal information to
big-Sister.  And you "may" not want them to do so.  They pick on your
attempt to connect from their own DNS that you normally use.  It seems
as someone vigorously is supplying all ISPs in the world with a daily
updated list of known tor exit-entry-nodes.  So change your DNS servers
to what is assumed to be a safe net of DNS servers that do not log your
DNS requests.  I did say assumed, didn't I?

wiki.opennicproject.org/GettingStarted/#hn_Ubuntu_Linux
servers.opennicproject.org/  (Choose 3-4 from the list and check monthly
for dropped servers and try the ones closest to you, although the
furthest may only be a few hundred milliseconds away).

2  If you can afford a VPN service good for you.  For the less
privileged (like 96% of the planet) there is calyx.net and bitmask.net
https://bitmask.net/en/install/linux#debian-packages
or you can download a standalone package.  There is also a testing-beta
0.9.4 version.  This is a project by Leap.se and has made this open
source code available and is begging to be forked.  It is like openVPN
for dummies (like some of us).

3  tor by torproject.org is open and free just like Debian
That is why Debian only works with torproject and not just any other tor
software.  And all of them will tell your they work better!  Tor is a
network which you need special configuration to enter (and exit) safely.
Everything you wanted to know and were afraid to ask:
https://onion.debian.org/

Once you get tor running and install tor-browser you may also add the
torproject.org repository as well.  Since you are using it you might as
well use onion addresses to replace all repositories (Debian and Tor)

*** ... once you have the "apt-transport-tor" package installed, the
following entries should work in your sources list for a stable system:
(change the stretch to jessie stable testing sid ... or what you have)

deb
1 tor+http://vwakviie2ienjx6t.onion/debian stretch main
deb
2 tor+http://vwakviie2ienjx6t.onion/debian stretch-updates main
deb
3 tor+http://sgvtcaew4bxjd7ln.onion/debian-security stretch/updates    main
deb
4 tor+http://vwakviie2ienjx6t.onion/debian stretch-backports main
deb
5 tor+http://sdscoq7snqtznauu.onion/torproject.org/ testing main

Remember the tor-transport package mentioned above is essential for any
of them to work and a live tor connection.  If tor daemon has stopped
all those addresses will run into an error.
You can also add the deb tor+http://debian...  or any other non onion
address and that works too.


4  And if all this wasn't enough ..... there is MORE!  Try
sandboxed-tor-browser in its 3rd current beta version.  It is just like
the tails tor-browser that can not see beyond its own sandbox (the
Amnesia sandboxed disk within your disk).

5  None of this stuff make any sense if you are enabling scripts and
going to googlefatsbookyoohooemesen ... crap sites!  You are defeating
the purpose of anonymity and privacy.  Do not abuse sensible freedom!
All debian websites do not require any scripts to be accessed and read.
Most respected websites (non-invasive) are the same way.  Those you can
not reach (it gets cloudy out-there) you don't want to read any way.

6  If you want to test your browser for torification use
check.torproject.org
If you want to check the configuration of other browsers and their
effective ability to cover themselves use eff.mozilla
https://panopticlick.eff.org/ but it doesn't mean much as it is compared
with a huge amount of non-tor browsers.

This project browserprint.info seems to be doing part of the same and
more but more directed to tor browsers.  The score is getting better
with every new edition of tor-browser.  The more unique your fingerprint
the easier for little-big-sisters to tell who you might be and what are
you up to.  So, you want to blend in with the fish, not stick out.  You
might hear that "the old tor was better than the new one, I am sticking
with the older version" and that is crap.  As 99% are updating to the
latest your trusty old tor-browser will stick out like a shore thumb!

7  If you are using icedove/thunderbird for mail disable all your
plugins and install tor-birdie which prohibits your mail-system to
communicate without tor.  Nothing comes-in nothing comes-out if the tor
connection has been dropped.

8  There is also tor-chatting and messaging and all kinds of other stuff
I do not use.

9  Don't expect Neo to come, save yourself!

Peter Ludikovsky:
> Hello,
> 
> First things first: AFAIK, just installing privoxy doesn't make it use
> Tor, it just acts as a regular proxy. Visit [1] to see if you're using
> Tor or not. In order to enable chaining through Tor you'll have to have
> a line like
>   forward-socks5	/	<ip>:<port>

I used socks5://127.0.0.1:9050 on midori and the score sucked on the
above mentioned uniqueness profiler.

> Or, you could install the torbrowser-launcher[2] package, which contains
> everything preconfigured for browsing.

It is the only safe way to go, any deviation from the prescribed is
risking anonymity.  You might as well not use any of this stuff.

> Regards,
> /peter
> 
> [1] https://check.torproject.org/
> [2] https://packages.debian.org/jessie/torbrowser-launcher

Read this too:
https://guardianproject.info/2016/07/31/howto-get-all-your-debian-packages-via-tor-onion-services/

> Am 17.03.2017 um 19:28 schrieb Glenn English:
>> I'm trying to use the Tor Browser. They don't seem to have any support
>> (beyond an FAQ) on their site, so I'm asking here.
>>
>> Jessie and XFCE on a Supermicro workstation connected through a T1.
>>
>> I installed Tor a few days ago and it was working fine -- Gmail said
>> it was having authentication problems and that I was using Firefox on
>> Winders in Paris. Just what I'd hoped for.

Get some real mail and leave the G for nonsense ...  Once your real
location and identity is recorded ... any attempts to identify or cover
yourself up from such companies are meaningless.  Just separate your
private life from the "open and free" commercial services.  Move on,
there is nothing to see there :)

>> So I removed privoxy, and now Tor can't even connect to its own network.

Just do a reinstall by forget the standalone apps, do it through apt
apt-get synaptic system installation.  Make sure you get all the gpg
keyring stuff done right.  Once the system has safely got tor-daemon
running the first attempt to start the browser will open up a gui with
options (make sure you enable the sound part :) it will download the
browser safely through tor, which means it verifies its structure hasn't
been altered on its way to you.

Imagine living in a country that is not as free as the US (goughh,..
ghhgh.. bwwraaahhh..) that even reaching a tor gateway needs some bridge
somewhere because all other entry points are blocked by the government's
networking.  If government agents and large corporation executives
wouldn't rely so much to the safety of this network it wouldn't exist.
They don't want their anonymity but they sure do want their own.

Peace (by any means necessary)
kAt

PS  Do not watch Snowden videos with Tor ...  with your Gmail logged in!

-- 
 "The most violent element in society is ignorance" rEG
Reply to: