Re: [trinity-users] tork-trinity - my config

On Friday 26 April 2019 09:37:05 andre_debian(a)numericable.fr wrote: Okay, so I apologize in advance for the length, but I tried to cover all the steps. Here, I realize, it may look like a bit much; and I didn't just jump into this all at once. This is the accumulation of research and experience of using tork-trinity (or its earlier KDE3 version) since about 2005 or thereabouts. And I am sure that there are a dozen or more people reading the Trinity mailing list, who know better than I about some of this. (And please add your own tested recipes!) Make small changes, one thing at a time, until you get it configured as you want. I am running Devuan Jessie, but this is close enough to Debian Stretch, and ought to work for you. And anyway, I am trying to move up to Stretch or Buster ASAP. Yes, you do need to install privoxy, although tor can use some other proxies, such as polipo, etc.; but I haven't tried them. 1. You need to make sure that you have certain packages installed in order to get full functionality. These are all the packages that I have installed specifically for tor/tork/privoxy. It is especially important that you get everything for libevent and geoip, torsocks (or maybe tsocks on some systems, but torsocks is newer); you can probably do without anything dbg or dev. I tend to do overkill, and try out everything, then discard later. sudo apt-get install apt-transport-https apt-transport-tor geoclue geoip-bin geoip-database-extra libanyevent-perl libevent-core libevent-dbg libevent-dev libevent-execflow-perl libevent-extra libevent-loop-ruby libevent-openssl libevent-perl libevent-pthreads libevent-rpc-perl libeventviews4 libgeocode-glib0 libghc-socks-dev libghc-socks-prof libghc-vector-dev libghc-vector-doc libghc-vector-prof libkimproxy4 libseccomp2 privoxy python-geoip python-torctl tor tor-arm tor-geoipdb tork-data-trinity tork-trinity torsocks tzdata tzdata-java You don't need these, but maybe you'll want to try them out, just because. sudo apt-get install myproxy myproxy-admin myproxy-dbg myproxy-server obfs4proxy obfsproxy ocproxy onionshare torbrowser-launcher torchat 2. It is good to have sysv-rc-conf installed (as mentioned previously), so that you can disable tor and privoxy from starting up automatically. Disable all lines for both tor and privoxy; otherwise, run "pkill tor | pkill privoxy"; but it's a bother to do this every time. 3. Once you have the packages you need, run the first-run wizard. First time you start it up, run as client, then configure as you wish; but I generally choose custom or "configure myself". Make sure that you are set up to run socks5. 4. When tork is up and running, click on <settings> and <configure tork>. Under <My Tor Client>, you want to set a password (study up on password security, if you haven't done so already). Under <Network View>, you will find categories where you can set servers to avoid, or those that you prefer as exit servers. If this is your first run, these ought to be empty. You click okay, and it's running. Now you want to find those servers that you prefer; and later, you'll discover some that you might want to avoid. You ought to see four columns: <Anonymize>, <Tor Network>, <Tor Log>, and <Traffic Log>. Click on <Tor Network>, then look at the top for <Servers>. Click on that, and you'll see a list of options. I currently click the choices for Valid, Fast, Exit, Running, Guard, Stable. (The others don't work so well.) Once you have clicked on these choices, you'll see that your list of servers at the left have all turned green, and all say exit. Hit ctrl-A, and capture (like copying text), then right-click, choose [* see below] "From now on", then either "Always use server as exit" or "Try to use server as exit". If you go back into Settings/Configure Tork/My Network View/Preferred Exit Servers, you will now see that your list is filled with preferred exit servers, all the ones that got branded with the green onion. You'll also note that there is a little box that reads "Use only these servers for exit"; which corresponds to that choice you made above.* 5. Another thing that you can do is to change your apparent location, by choosing in what country you want your exit server. If the EU blocks you from reading the LATimes or Washington Post (for example), you can change your server to a US server. 6. Now your tork-trinity ought to be all set up to manage tor; and this is just fine for browsing. But if you just wanted to use it for browsing, you wouldn't go to all this trouble; and there are so many more neat things that you can do now. Click on Anonymize, and you'll see one-click choices for anonymizing Firefox, Kopete, Pidgin, etc. (This varies according on what you have installed, and not everything shows up; Opera shows up, but not Icecat or PaleMoon; Kopete and Pidgin show up, but not other chat programs.) Farther down that list, though, is where you can do some weirder stuff. 7. Anonymous SSH Session - or, occasional god-like powers Click on this, and you will have secure shells in Konsole, which is nice for torifying various programs; for example, torrents, some browsers (arora, midori, etc.) I torify xmms over the ssh session. Also, I can download with wget, curl, youtube-dl, etc. I can do whois lookups over the ssh, and so on. (This is useful if you get blocked from certain sites for using Tor, yet you might also be blocked because you live in the "wrong" country. If you torify your program, you can sometimes have your cake and eat it, too.) In order to torify, just put that word into your command, usually preceding the usual command; e.g.: torify youtube-dl -v -c -f mp4 --no-check-certificate -R 999999 torify wget -c -t 0 --retry-connrefused --no-check-certificate 8. Anonymous Shell for Command-line Programs using HTTP/HTTPS I use it for downloading deb packages, etc., but there are other uses. In this case, instead of "sudo apt-get install" (for example), the command changes to "sudo torify apt-get install"; and modify accordingly for other apt commands. 9. There are also some configuration files that I use to modify my firewall, tor and privoxy. I use firestarter as my firewall, because I can watch activity in real time, rather than opening a log file all the time; however, I also disable ipv6, which takes some more doing. I don't know if the user-pre file can be adapted to other firewalls, or iptables, etc. 10. See attachments for config files. Here are locations for those files: /etc/privoxy/config /etc/tor/torrc /etc/tor/torsocks.conf /etc/firestarter/user-pre (NOTE that I got these configurations from somewhere on the torproject website, though I don't remember the links now.) Not everybody cares if the Man knows that they play chess or watch cat videos; but maybe people live in places where normal innocent behavior has become suspect. I know this seems like a lot; and it is a lot of trouble, if all you want to do is read the LATimes and WaPo where you live. But once you have figured out how to torify various programs, or to run hidden services (not there myself yet), then I feel sure that you will start to think about other possibilities. For example, I run my own online radio station, but I cannot listen to it over a proxy, unless I torify xmms; and then it works fine. Or maybe I want to look up my local TV listings, but I don't really want to get advertising based on my viewing habits. Or I want to watch a YouTube video, but I find that it is not available in various countries. I hope that this gives you a good start with tork. It is definitely a program worth keeping around. Bill