Thus spake Simon Brereton (simon.brereton@xxxxxxxxxxxxxx): > On 21 March 2012 07:20, <tor324890@xxxxxxxxxxxxx> wrote: > > I'd do what you originally intended: keep it simple, you want to learn tor > > so just run tor alone for now. Get back to the position you were at when you > > just had tor, no Vidalia, and you've confirmed it's running with nmap. By > > default it'll run on port 9050 - nmap should confirm that, so you should set > > your proxy setting in your browser to localhost:9050. Set your browser to > > manual proxy for now, just to eliminate 'system proxy' from the equation. > > Sadly, that has the consequence that when I fire up Firefox, Firefox > also uses that proxy - whether proxying in Firefox is enabled or not. > That's bad. Loathe as I am to have a third browser installed, it > looks like I might have to use the TBB for secure browsing instead of > Chromium (which had been my plan. Firefox is altogether safer and > easier to configure for a higher-level of safety without going torshit > crazy (and it's also useful to have a browser that stores some > cookies). You can configure TBB to allow you to store history and cookies, it's just painful and spread across like 3 different options in Torbutton. They are under subtabs in the the Security Settings tab: History->"Block history writes during Tor" Cookies->"Use the Cookie Protections Dialog to Choose" Shutdown->"Do not clear my cookies at shutdown" Yes, of course this is insane and sucks. It's a relic of Torbutton's incremental development and the need for testers and security researchers to debug features individually. https://trac.torproject.org/projects/tor/ticket/3100 is the trac ticket to create something more reasonable from all of those prefs. Patches welcome :). > So now I have the following questions. > > 1) Can I use the TBB even though I have tor installed and running > successfully? Yes. There are two ways to do this. The easiest is to just start the fucker, let Tor bootstrap, let Tor Browser launch, and then tell Vidalia to "Stop Tor". The Tor Browser should still remain open. After that, you can go into the Torbutton Preferences and tell the TBB Firefox to use an alternate Tor SOCKS port (9050 is the system tor default on Ubuntu). You can also click the "Transparent Torification" radiobutton if you are using transparent firewall rules to torify all of your traffic. The more involved method is to edit the start-tor-browser shell script... > 2) Is there a danger in having tor running even when I'm not using it? Not really. In fact, traffic analysis is made easier if you only run tor when you are actually using it. > 3) I was reading up on exit-point safety and apologies to the people > who spent time documenting it, but I didn't understand that well at > all. I'm a native speaker and technically literate, so I'm concerned > other people might not understand it either. Does this warning make sense: https://www.torproject.org/download/download-easy.html#warning Point (c) is about exit point safety. If we can do anything to improve it, let us know. > 4) Do I need privoxy or obfusproxy? Privoxy and polipo are no longer maintained. We've stopped using them in favor of pure SOCKS4A+SOCKS5. Obfsproxy is experimental still, but has some very attractive features. In particular, it can make traffic analysis even harder by preventing your ISP from easily telling you're even using Tor. It is meant for deployment in censored locations with a high degree of risk and/or conflict. But I bet people concerned with privacy will be interested in it too. It's a bit early for end users to just jump in and start using it, though. -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk