[I'm forwarding to the list since Juliusz is not subscribed. -RD] ----- Forwarded message from [EMAIL PROTECTED] -----
To: [email protected] From: Juliusz Chroboczek <[EMAIL PROTECTED]> Subject: How to run tor with Polipo Date: Fri, 26 May 2006 19:57:35 +0200 --=-=-= Dear all, [ Sorry if you receive this multiple times -- it's the third time I'm trying to reach or-talk. ] I've just finished implementing experimental support for SOCKS4a in the unstable branch of Polipo. This makes it possible to use Polipo instead of Privoxy for browsing using tor. Unlike Privoxy, Polipo has a number of features (pipelining, caching, smart use of range requests) that make it faster on slow networks; and, since tor is not the fastest network around, Polipo/tor is noticeably more responsive than Privoxy/tor. The downside is that Polipo does not perform application-layer anonimisation by default. In fact, in its default configuration Polipo is an (almost) HTTP/1.1 compliant proxy, and hence leaks data like crazy. While it is possible to configure Polipo to perform some sanitisation of HTTP headers, this does not come even close to the amount of munging that Privoxy can do. Please make sure you read section (5) below before you decide whether to switch to Polipo. Additionally, Polipo has some rather specific traffic patterns (agressive pipelining, range requests) that make it rather easy to spot. The websites you access won't know who you are, but they might realise you're running Polipo. If you're willing to live with that, here's how to run Polipo with tor. Please let me know on the polipo-users list [EMAIL PROTECTED] whether it works for you. 1. Get yourself tor Download, compile and run the tor client. Make sure the log file says [notice] Tor has successfully opened a circuit. Looks like it's working. If you're under Debian, just apt-get install tor. If you're using a different system, please see http://tor.eff.org 2. Get yourself a recent polipo binary You will need a binary of the unstable branch of Polipo dated 21 May 2006 or later. For now, the only way is to compile it from the Darcs repository itself: $ darcs get http://www.pps.jussieu.fr/~jch/software/repos/polipo/ $ cd polipo $ make (In case you don't have Darcs: if you're running Debian, just do ``apt-get install darcs''; if you're not, please have a look at http://www.darcs.net/DarcsWiki/CategoryBinaries .) If you've got the right tools, you can build the manual by running one of $ make polipo.info $ make polipo.html $ make html/index.html $ make polipo.ps $ make polipo.pdf If you don't, please see one of http://www.pps.jussieu.fr/~jch/software/polipo/manual/ http://www.pps.jussieu.fr/~jch/software/polipo/polipo.pdf You do not need to install Polipo -- Polipo will happily run from your home directory. But if you insist, you can do $ make all $ su -c 'make install' 3. Run Polipo and test it $ ./polipo socksParentProxy=localhost:9050 At this point, Polipo should be speaking to tor; however, it is behaving as a compliant HTTP/1.1 proxy and hence LEAKING INFORMATION. In particular, it is PUTTING YOUR HOSTNAME IN EVERY REQUEST. Only use this configuration for testing. Point your browser at the proxy on localhost:8123 (for both HTTP and HTTPS) and check whether everything is working -- have a look at http://ipid.shat.net/ which should show that you're coming from an IP you've never heard about. 4. Tweak your Polipo configuration You really need to tweak your Polipo configuration. You do that by creating a config file in either ~/.polipo or /etc/polipo/config. A sample config file is included in the file ``polipo.config''. You can check that Polipo is taking your configuration into account by running ``polipo -v'' or by checking http://localhost:8123/polipo/config? . The very least you can do is to set disableVia = true which will prevent Polipo from putting your hostname in every request. I also recommend having at least censoredHeaders = set-cookie, cookie, cookie2, from, accept-language, x-pad censorReferer = maybe which will cause Polipo to randomly munge random HTTP headers. There are some other options that will make Polipo faster (but less standard); please check the Polipo manual for the variables ``relaxTransparency'' and ``mindlesslyCacheVary'' (you should only set them if you understand what they do). It might also be worthwile to experiment with the optimal values of serverSlots and maxServerSlots. 5. Create an on-disk cache (optional) If you want a persistent cache of previously retrieved pages, just create a directory /var/cache/polipo/ that the user running Polipo can write to. You will also want to arrange to run ``polipo -x'' once in a while (for example from a cron job). If you want to put your on-disk cache elsewhere, just set the variable ``diskCacheRoot'' in your config file. Note that the persistent cache contains all of your browsing history; additionally, it enables remote sites to see which images you already have locally. You will not want to enable this functionality if you are serious about anonimity. 6. Tweak Polipo further (optional) There's a lot of tweakables in Polipo, and the manual should pretty much describe them all. http://www.pps.jussieu.fr/~jch/software/polipo/manual/ http://www.pps.jussieu.fr/~jch/software/polipo/polipo.pdf And of course I will gratefully accept any patches to Polipo that improve its tweakability. However, I will not include any functionality that attempts to rewrite instance bodies (as opposed to headers). I will also not cause Polipo to perform sanitisation of headers in its default configuration, but I will be glad to include a sanitising config file in the distribution. Juliusz --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEd0GTOyf6h3f/XzsRAiOTAJ4yqS4MbUIRwi3lErtbZCWZjPXiFACdHRX8 1JmQWnsO+YBg+3AOKRN+Lv0= =Xy6a -----END PGP SIGNATURE----- --=-=-=-- ----- End forwarded message -----
