What is Tor?
"Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known astraffic analysis
Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected."
https://www.torproject.org/about/overview.html.en
"Why do we need Polipo or Privoxy with Tor? Which is better?
The first question is, "why a HTTP proxy at all?"
The answer is, because Firefox SOCKS layer has hard-coded timeouts, and other issues, https://bugzilla.mozilla.org/show_bug.cgi?id=280661. Personally, I don't use an HTTP proxy, I simply let my browser talk to Tor via SOCKS directly. The user experience sucks, because you'll receive untold numbers of "The connection has timed out" warnings, because Firefox won't wait for Tor to build a circuit.
Once Firefox fixes bug 280661, we don't need a HTTP proxy at all.
The second question is, "why switch from Privoxy to Polipo?"
Privoxy is fine filtering software that works well for what is it intended to do. However, its user experience is lacking due to it lacking a few features, namely, HTTP 1.1 pipelining, caching most requested objects, and it needs to see the entire page to parse it, before sending it on to the browser. Lack of these three features is the reason we switched from Privoxy to Polipo.
We've received plenty of feedback that browsing with Polipo in place of Privoxy "feels faster".The feedback indicates that because Polipo streams the content to the browser for rendering nearly as fast as it receives it from Tor, the user understands what's going on and will start to read the web page as it loads. Privoxy, necesarily, will load the entire page, parse it for items to be filtered, and then send the page on to the browser. The user experience, especially on a slow circuit, is that nothing happens, the browser activity icon spins forever, and suddenly a page appears many, many seconds later.
If Tor was vastly faster, Privoxy's mode of operation wouldn't matter. We're working on making Tor faster. However, purposely showing the user how slow tor can be with privoxy was a huge point of complaint, and not what we intended to do.
Does Polipo have some bugs? Sure. Chrisd primarily, among others, is working on fixing them. At the current rate of progress on Firefox bug 280661, we'll have Polipo fixed before Mozilla releases the SOCKS layer fix. Chrisd even wrote Mozilla a patch and submitted it on the bug.
The final point is that this is all free software. You are in control. If you don't like Polipo, but do like Privoxy, then don't install Polipo and use Privoxy. The power of choice is yours."
https://trac.torproject.org/projects/to ... chisbetter
You should always use Torbutton with Tor because of its additional security features. If you don't use Torbutton, your anonymity may be compromised!
https://www.torproject.org/torbutton/to ... ns.html.en
For these reasons we will use Tor + Polipo (With Iceweasel and Torbutton) in this howto. There is also an additional advantage with Polipo over Privoxy because it requires zero configuration with Torbutton.
All of the software used is in main, so there is no need for any contrib or non-free repositories.
Let’s get started!
Install the needed packages (as root and assuming you have Iceweasel installed):
Code: Select all
aptitude install tor polipo xul-ext-torbutton
Aptitude should also pull tor-geoipdb and torsocks.
Get the custom Polipo configuration file:
Code: Select all
wget https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf
Code: Select all
mv -i polipo.conf /etc/polipo/config
Code: Select all
/etc/init.d/polipo restart
Test if it works by visiting this link:
https://check.torproject.org/
If you at a later point want to remove Tor and Polipo with its config files:
Code: Select all
aptitude --purge remove tor polipo xul-ext-torbutton
Edit 04.01.12: Added info about Torbutton
07.02.12: Added note about Torbutton in Wheezy