On 21 March 2012 15:26, Mike Perry <[email protected]> wrote:
> Thus spake Simon Brereton ([email protected]):
>
>> On 21 March 2012 07:20, <[email protected]> wrote:
>> > I'd do what you originally intended: keep it simple, you want to learn tor
>> > so just run tor alone for now. Get back to the position you were at when you
>> > just had tor, no Vidalia, and you've confirmed it's running with nmap. By
>> > default it'll run on port 9050 - nmap should confirm that, so you should set
>> > your proxy setting in your browser to localhost:9050. Set your browser to
>> > manual proxy for now, just to eliminate 'system proxy' from the equation.
>>
>> Sadly, that has the consequence that when I fire up Firefox, Firefox
>> also uses that proxy - whether proxying in Firefox is enabled or not.
>> That's bad. Loath as I am to have a third browser installed, it
>> looks like I might have to use the TBB for secure browsing instead of
>> Chromium (which had been my plan). Firefox is altogether safer and
>> easier to configure for a higher-level of safety without going torshit
>> crazy (and it's also useful to have a browser that stores some
>> cookies).
>
> You can configure TBB to allow you to store history and cookies, it's
> just painful and spread across like 3 different options in Torbutton.
> They are under subtabs in the Security Settings tab:
>
> History->"Block history writes during Tor"
> Cookies->"Use the Cookie Protections Dialog to Choose"
> Shutdown->"Do not clear my cookies at shutdown"
>
> Yes, of course this is insane and sucks. It's a relic of Torbutton's
> incremental development and the need for testers and security
> researchers to debug features individually.
>
> https://trac.torproject.org/projects/tor/ticket/3100 is the trac ticket
> to create something more reasonable from all of those prefs. Patches
> welcome :).
>
>> So now I have the following questions.
>>
>> 1) Can I use the TBB even though I have tor installed and running
>> successfully?
>
> Yes. There are two ways to do this. The easiest is to just start the
> fucker, let Tor bootstrap, let Tor Browser launch, and then tell Vidalia
> to "Stop Tor". The Tor Browser should still remain open.
>
> After that, you can go into the Torbutton Preferences and tell the TBB
> Firefox to use an alternate Tor SOCKS port (9050 is the system tor
> default on Ubuntu). You can also click the "Transparent Torification"
> radiobutton if you are using transparent firewall rules to torify all of
> your traffic.
>
> The more involved method is to edit the start-tor-browser shell
> script...

Thanks. Dererk's reply means I can probably go this route.
Additionally today I was reading that simply proxying through
localhost:9050 might not be enough to make FF safe (something about
DNS leaks).

>> 2) Is there a danger in having tor running even when I'm not using it?
>
> Not really. In fact, traffic analysis is made easier if you only run tor
> when you are actually using it.

>> 3) I was reading up on exit-point safety and apologies to the people
>> who spent time documenting it, but I didn't understand that well at
>> all. I'm a native speaker and technically literate, so I'm concerned
>> other people might not understand it either.
>
> Does this warning make sense:
> https://www.torproject.org/download/download-easy.html#warning
>
> Point (c) is about exit point safety. If we can do anything to improve
> it, let us know.

If HTTPS Everywhere encrypts traffic from the exit-point, doesn't that
break SSL? Or is it working the same way an SSL VPN would work at
that point?

>> 4) Do I need privoxy or obfusproxy?
>
> Privoxy and polipo are no longer maintained. We've stopped using them in
> favor of pure SOCKS4A+SOCKS5.

Uninstalled then.

> Obfsproxy is experimental still, but has some very attractive features.
> In particular, it can make traffic analysis even harder by preventing
> your ISP from easily telling you're even using Tor. It is meant for
> deployment in censored locations with a high degree of risk and/or
> conflict. But I bet people concerned with privacy will be interested in
> it too. It's a bit early for end users to just jump in and start using
> it, though.

Well, at the moment I don't even have a real need for using Tor - but
you never know. So, I'll probably install it anyway and see what
gives. If I can contribute feedback, well and good. I'm still a
little unsure how/why this works. In my mind it would be better to
have a quantum approach such that (neither) you (nor anyone else) can
determine which hole the light particle goes through.
But I guess I'll figure it out in time.

Thanks for the help so far.

Simon
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
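
Added example, not part of the thread: the DNS-leak concern and the "pure SOCKS4A+SOCKS5" remark above both come down to whether the browser hands Tor's SOCKS port a hostname (SOCKS4a, or SOCKS5 with ATYP 0x03) or an IP address it has already resolved itself. The Python below classifies constructed request bytes on that basis; the function name, result fields and sample requests are assumptions made for illustration.

```python
import ipaddress
import struct

def classify_socks_request(data: bytes) -> dict:
    """Classify a SOCKS CONNECT request: hostname (proxy resolves) or bare IP."""
    def result(proto, target, port, leak):
        return {"proto": proto, "target": target, "port": port,
                "possible_dns_leak": leak}
    if len(data) < 2:
        raise ValueError("truncated request")
    if data[0] == 4:
        # SOCKS4: VER CMD DSTPORT(2) DSTIP(4) USERID NUL [HOSTNAME NUL]
        if len(data) < 9:
            raise ValueError("truncated SOCKS4 request")
        port = struct.unpack("!H", data[2:4])[0]
        ip = data[4:8]
        # SOCKS4a: DSTIP 0.0.0.x (x != 0) means "proxy, resolve this name"
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            _userid, _, tail = data[8:].partition(b"\x00")
            host = tail.split(b"\x00", 1)[0].decode("ascii")
            return result("SOCKS4a", host, port, False)
        return result("SOCKS4", str(ipaddress.ip_address(ip)), port, True)
    if data[0] == 5:
        # SOCKS5 request (RFC 1928): VER CMD RSV ATYP DST.ADDR DST.PORT
        if len(data) < 5:
            raise ValueError("truncated SOCKS5 request")
        atyp = data[3]
        if atyp == 0x03:                      # length-prefixed domain name
            start, size, leak = 5, data[4], False
        elif atyp in (0x01, 0x04):            # raw IPv4 / IPv6 address
            start, size, leak = 4, (4 if atyp == 0x01 else 16), True
        else:
            raise ValueError("unknown ATYP")
        end = start + size
        if len(data) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        addr = data[start:end]
        target = str(ipaddress.ip_address(addr)) if leak else addr.decode("ascii")
        return result("SOCKS5", target, struct.unpack("!H", data[end:end + 2])[0], leak)
    raise ValueError("not a SOCKS4/SOCKS5 request")

# Constructed sample requests (not captured traffic).
SOCKS5_NAME = b"\x05\x01\x00\x03\x0bexample.com" + struct.pack("!H", 443)
SOCKS5_IP = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 80)
SOCKS4A_NAME = b"\x04\x01" + struct.pack("!H", 80) + b"\x00\x00\x00\x01\x00example.com\x00"

if __name__ == "__main__":
    for req in (SOCKS5_NAME, SOCKS5_IP, SOCKS4A_NAME):
        print(classify_socks_request(req))
```

A bare IP is only a possible leak, since it also appears when the user typed an IP literal; that is why the field is named possible_dns_leak.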
