Showing posts with label tor. Show all posts
Showing posts with label tor. Show all posts

01 July 2013

467 wget and tor issue

Ever since I set up Tor on my debian workstation I've been having issues using wget:
--2013-07-01 11:32:35-- Connecting to connected. Proxy tunneling failed: Tor is not an HTTP ProxyUnable to establish SSL connection.
For fun I also tried torify although I don't want to download the kernel via Tor:

torify wget
--2013-07-01 11:36:20-- Connecting to 11:36:20 libtorsocks(26463): connect: Connection is to a local address (, may be a TCP DNS request to a local DNS server so have to reject to be safe. Please report a bug to if this is preventing a program from working properly with torsocks. failed: No such file or directory. Retrying.
Note that I DON'T want to use wget with Tor. I don't want to eat up bandwidth on the Tor network for stuff like this. When I use wget I want to use a direct connection.

I haven't configured /etc/wgetrc and so I was a bit surprised that this kept on happening.

The solution:
edit /etc/wgetrc and put

anywhere. And you're done.

19 June 2013

457. Very Briefly: Microsoft has a Tor exit node?

Whenever I play around with Tor I use or to make sure that I'm indeed using a proxy. I also normally do a whois on the IP address, so see who's running the exit node.

Today I ended up with the IP address

NetRange: - CIDR:, OriginAS: NetName: MSFT-EP NetHandle: NET-168-61-0-0-1 Parent: NET-168-0-0-0-0 NetType: Direct Assignment RegDate: 2011-06-22 Updated: 2012-10-16 Ref: OrgName: Microsoft Corp OrgId: MSFT-Z Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US RegDate: 2011-06-22 Updated: 2013-04-12 Ref: OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: OrgTechRef: OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: OrgAbuseRef: OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: OrgAbuseRef: OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: OrgNOCRef: OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: OrgAbuseRef:
That Microsoft is listed as the organisation doesn't necessarily mean that they are running the node (could be a hosting company) but it still seems that this might actually be MS running this one. Maybe it's just for research purposes, but it still seemed a bit surprising.

Microsoft as a company isn't exactly known for doing things out of the goodness of their hearts. Oh well.

12 June 2013

450. Tor and Chrome on Debian

* For the Tor bundle see
* For securing your dropbox, see
* For encrypting your filesystem with encfs, see
* For one-time passwords (OTPW), see
* For encryption in general using PGP/GPG, OTR, SRTP for chat, email, voice and video, see
* For truecrypt with dropbox, see

Post begins:
I think it's fair to say that online privacy is in the spotlight again, temporarily,  in particular if you are not living in the US. After all, the rest of the world is offered no protection from US agencies.

There are two levels of snooping that (can) go on:
Case 1:  outright intercept of communications
In this case your emails are read, your browsing data is intercepted and your phone conversations tapped. This is the most intrusive form, and I think even in the US a warrant is required for the intercept of this type of data (whether that's too easy of difficult to get is another question entirely).

Case 2: mining of 'meta-data'
In this case data such as recipient/sender of emails, URLs that you've been visiting, and whom you have been calling/called by are collected. In addition, e.g. cell phone tower records can be collected to track your whereabouts 24/7.

While the contents of your conversations isn't known, your entire social and professional life can be charted.
As far as I understand this is what NSA has been engaging in. Likewise, knowing exactly where you are at any given point in time, a pretty detailed picture of your life can be painted.

Begin Rant
I don't have anything to hide, but I am not too keen on the government having better records of my life than I do myself. And I should be the one deciding what to share as long as the presumption of innocence holds.

Also, we're making the presumption that the government is benign, and as has been shown repeatedly, it isn't always. That goes for the US government, the UK government and just about any bloody imaginable government, and for a simple reason: the government is made up of people. In particular people who are keen on 'leading' i.e. controlling others. Even a benign despot is a despot.

There's no use being naive -- in either direction. There are legitimate reasons for clandestine organisations wanting to mine data, and there are legitimate reasons for why we should not give them a carte blanche.

Whether you use PGP/GPG or not won't affect the mining of meta-data. Nor will OTR, although it might in theory give you a somewhat better level of deniability (but not really).

Using PGP/GPG, OTR and encryption of data in general will only protect the content of your conversations, not the fact that they occurred. Not that it's easy getting people to start using encryption of their email, especially not since hotmail and gmail provided the final push into getting people to do all their email processing in the browser rather than using a more capable email client. Obviously Google would not be pleased if all communication was PGP encrypted, since this would create issues with targeted ads.

Finally, what really irks me is the fact that because John Doe won't use encryption -- or learn how to do it -- I also cannot use it. Instead we have to play according to the rules of the least technologically informed.
End Rant

Anyway. There are a few things you can do -- at least to make you feel better. Whether they have any real impact on your privacy depends on what other sources of information leakage there are in your life.

The simplest thing you can do is to do all your browsing anonymously, including setting up and checking your email. And the easiest way to do that is by using Tor.

It's easy enough to use the Tor Bundle, e.g.

However, I for some forsaken reason like using Chrome.

To set up Proxy SwitchySharp I'm following this post:

NOTE: there are many layers to managing your privacy, and you're only as anonymous as your worst habits allow you to be. I'm a pessimist -- I think it is virtually impossible to protect yourself against a determined adversary. However, trying won't hurt.

Step 0. Block cookies by default and install an ad blocker

Pretending to be anonymous won't help if you give the game away by exposing cookies that you acquired while surfing without Tor.

You'll be surprised how many websites require you to accept cookies -- however, it's up to you whether you want to put up with that. I only allow cookies with services that I've signed up to and that I trust. I refuse to allow in particular commercial sites to require cookies for me to simply visit.

In Chrome, go to Settings, Content Settings, and check:
* Block sites from setting any data
* Block third-party cookies and site data
* Clear cookies and other site and plug-in data when I close my browser

* Allow local data to be set

You may want to restrict e.g. image loading, javascript, pop-ups, plugins etc. as well. It's down to you to weight inconvenience vs privacy.

Set Cookie and Site Data exceptions manually, and make sure to distinguish between Session Only and Allow.

Also, install e.g. simple adblock:

Step 1. Install the HTTPS everywhere extension

Step 2. Install Proxy SwitchySharp

Set up a profile called Tor to use SOCK 5 with
Go to the General Tab and enable Quick Switch.
Make sure to drag both Tor and Direct Connection into the Quick Switch field.

Step 3. Install Tor and Vidalia
Add the following to your /etc/apt/sources.list
deb wheezy main

Then do
sudo apt-get update
sudo apt-get install
sudo apt-get update
sudo apt-get install vidalia

Tor should run in the background whether you start Vidalia or not.

Step 4. Prevent DNS leaks:
[for fun, do
sudo apt-get install tcpdump
sudo tcpdump -pni eth0 'port domain'
before turning off prefetching. ]

To make sure that your DNS requests aren't being read (i.e. providing meta-data to your ISP), you will need to turn of DNS pre-fetching in Chrome.

Google is sneaky about it though -- to turn off prefetching go to Settings/Under the Bonnet and uncheck "Predict network actions to improve page load performance".

[If you set up tcpdump before you'll see how suddenly the IPs and URLs stop streaming by.]

Step 5. Start Tor/Vidalia
You don't seem to be able to launch Vidalia from the terminal, so launch Vidalia from within e.g. gnome.
In fact, you probably don't have launch vidalia as Tor should be run in the background.
Then open Chrome and navigate to e.g. or

You can turn on and off the proxy by clicking on the icon in the top right corner.

Step 6. Enable private browsing:
You don't want to risk one website being able to see what another website left behind. It shouldn't happen, but it has happened in the past.

Anyway, it's easy: open an Incognito window (ctrl + shift + N).

As far as I can tell this should give you some privacy. However, the question is how effective this is in the long run since it's difficult to maintain enough discipline to prevent any information leakage to occur.

08 May 2013

408. Briefly: Tor on Debian -- the quick option

Tor can -- under the right conditions -- be used to anonymize your connection. Encryption, anonymity etc. is a minefield is you want to do it right, and I won't pretend to be an expert, so do your own reading.


In the process of looking at manually setting up Tor on Debian I came across the Tor browser bundle. Using it is pretty straightforward, but given that linux users are at varying skill-levels, a step by step guide with pictures can't hurt (and another post for me...).

sudo mkdir /opt/torbundle
sudo chown $USER:$USER /opt/torbundle
cd /opt/torbundle
tar xvf tor-browser-gnu-linux-x86_64-2.3.25-6-dev-en-US.tar.gz
echo "alias torbrowser='/opt/torbundle/tor-browser_en-US/./start-tor-browser'" >> ~/.bashrc
source ~/.bashrc

Start by typing

Vidalia will open, and once you're connected to the tor network a browser session will automatically open.