On Friday 26 April 2019 20:30:42 William Morder wrote:
On Friday 26 April 2019 09:37:05
andre_debian(a)numericable.fr wrote:
> > Not so easy to use it, I only need as
anonymous navigator.
Okay, so I apologize in advance for the length, but I tried to
cover all the
steps. Here, I realize, it may look like a bit much; and I didn't just jump
into this all at once. This is the accumulation of research and experience
of using tork-trinity (or its earlier KDE3 version) since about 2005 or
thereabouts. And I am sure that there are a dozen or more people reading the
Trinity mailing list, who know better than I about some of this. (And please
add your own tested recipes!) Make small changes, one thing at a time, until
you get it configured as you want.
I am running Devuan Jessie, but this is close enough
to Debian Stretch,
and ought to work for you. And anyway, I am trying to move up to Stretch or
Buster ASAP.
Yes, you do need to install privoxy, although tor can use some other
proxies, such as polipo, etc.; but I haven't tried them.
1. You need to make sure that you have certain packages installed in order
to get full functionality.
These are all the packages that I have installed specifically for
tor/tork/privoxy. It is especially important that you get everything for
libevent and geoip, torsocks (or maybe tsocks on some systems, but torsocks
is newer); you can probably do without anything dbg or dev. I tend to do
overkill, and try out everything, then discard later.
sudo apt-get install apt-transport-https apt-transport-tor geoclue geoip-bin
geoip-database-extra libanyevent-perl libevent-core libevent-dbg
libevent-dev
libevent-execflow-perl libevent-extra libevent-loop-ruby libevent-openssl
libevent-perl libevent-pthreads libevent-rpc-perl libeventviews4
libgeocode-glib0 libghc-socks-dev libghc-socks-prof libghc-vector-dev
libghc-vector-doc libghc-vector-prof libkimproxy4 libseccomp2 privoxy
python-geoip python-torctl tor tor-arm tor-geoipdb tork-data-trinity
tork-trinity torsocks tzdata tzdata-java
You don't need these, but maybe you'll want to try them out, just because.
sudo apt-get install myproxy myproxy-admin myproxy-dbg myproxy-server
obfs4proxy obfsproxy ocproxy onionshare torbrowser-launcher torchat
2. It is good to have sysv-rc-conf installed (as mentioned previously), so
that you can disable tor and privoxy from starting up automatically. Disable
all lines for both tor and privoxy; otherwise, run "pkill tor | pkill
privoxy"; but it's a bother to do this every time.
3. Once you have the packages you need, run the first-run wizard. First time
you start it up, run as client, then configure as you wish; but I generally
choose custom or "configure myself". Make sure that you are set up to run
socks5.
4. When tork is up and running, click on <settings> and <configure tork>.
Under <My Tor Client>, you want to set a password (study up on password
security, if you haven't done so already). Under <Network View>, you will
find categories where you can set servers to avoid, or those that you prefer
as exit servers. If this is your first run, these ought to be empty. You
click okay, and it's running.
Now you want to find those servers that you prefer; and later, you'll
discover some that you might want to avoid.
You ought to see four columns: <Anonymize>, <Tor Network>, <Tor Log>,
and
<Traffic Log>. Click on <Tor Network>, then look at the top for
<Servers>.
Click on that, and you'll see a list of options. I currently click the
choices for Valid, Fast, Exit, Running, Guard, Stable.
(The others don't work
so well.) Once you have clicked on these choices, you'll see that your list
of servers at the left have all turned green, and all say exit. Hit ctrl-A,
and capture (like copying text), then right-click, choose
[* see below] "From
now on", then either "Always use server as exit" or "Try to use
server as
exit". If you go back into Settings/Configure Tork/My Network View/Preferred
Exit Servers, you will now see that your list is filled with preferred exit
servers, all the ones that got branded with the green onion.
You'll also note that there is a little box that reads "Use only these
servers for exit"; which corresponds to that choice you made above.*
5. Another thing that you can do is to change your apparent location, by
choosing in what country you want your exit server. If the EU blocks you
from reading the LATimes or Washington Post (for example),
you can change your server to a US server.
6. Now your tork-trinity ought to be all set up to manage tor; and this is
just fine for browsing. But if you just wanted to use it for browsing, you
wouldn't go to all this trouble; and there are so many more neat things that
you can do now.
Click on Anonymize, and you'll see one-click choices for anonymizing
Firefox, Kopete, Pidgin, etc. (This varies according on what you have
installed, and not everything shows up; Opera shows up, but not
Icecat or PaleMoon; Kopete and Pidgin show up, but not other chat programs.)
Farther down that list, though, is where you can do some weirder stuff.
7. Anonymous SSH Session - or, occasional god-like powers
Click on this, and you will have secure shells in Konsole, which is nice for
torifying various programs; for example, torrents, some browsers (arora,
midori, etc.) I torify xmms over the ssh session. Also, I can download with
wget, curl, youtube-dl, etc. I can do whois lookups over the ssh, and so on.
(This is useful if you get blocked from certain sites for using Tor, yet you
might also be blocked because you live in the "wrong" country. If you torify
your program, you can sometimes have your cake and eat it, too.) In order to
torify, just put that word into your command, usually preceding the usual
command; e.g.:
torify youtube-dl -v -c -f mp4 --no-check-certificate -R 999999
torify wget -c -t 0 --retry-connrefused --no-check-certificate
8. Anonymous Shell for Command-line Programs using HTTP/HTTPS
I use it for downloading deb packages, etc., but there are other uses.
In this case, instead of "sudo apt-get install" (for example), the
command changes to "sudo torify apt-get install"; and modify
accordingly for other apt commands.
9. There are also some configuration files that I use to modify my firewall,
tor and privoxy. I use firestarter as my firewall, because I can watch
activity in real time, rather than opening a log file all the time; however,
I also disable ipv6, which takes some more doing. I don't know if the
user-pre file can be adapted to other firewalls, or iptables, etc.
10. See attachments for config files. Here are locations for those files:
/etc/privoxy/config
/etc/tor/torrc
/etc/tor/torsocks.conf
/etc/firestarter/user-pre
(NOTE that I got these configurations from somewhere on the torproject
website, though I don't remember the links now.)
Not everybody cares if the Man knows that they play chess or watch cat
videos;
but maybe people live in places where normal innocent behavior has become
suspect.
I know this seems like a lot; and it is a lot of trouble, if all you want to
do is read the LATimes and WaPo where you live.
But once you have figured out
how to torify various programs, or to run hidden services (not there myself
yet), then I feel sure that you will start to think about other
possibilities.
For example, I run my own online radio station, but I cannot listen to it
over
a proxy, unless I torify xmms; and then it works fine. Or maybe I want to
look up my local TV listings, but I don't really want to get advertising
based on my viewing habits. Or I want to watch a YouTube video, but I find
that it is not available in various countries.
I hope that this gives you a good start with tork. It is definitely a
program worth keeping around. Bill
Long answer, so good, precise, thanks Bill.
Now, I have to try ASAP...
Good labor day tomorrow (1st may).
andré