How to install tor browser in FreeBSD?

There are several ways how you can use tor in FreeBSD…
After security/tor installation, add
Code:
tor_enable="YES"
to /etc/rc.conf and
Code:
# prevent traffic analysis that exploits sequential IP IDs
net.inet.ip.random_id=1
to /etc/sysctl.conf,
execute # service tor start and # sysctl net.inet.ip.random_id=1, then you will be able to use tor service,
that "Opening Socks listener on 127.0.0.1:9050", so you can connect to 127.0.0.1:9050 from firefox,
or any other browser. To use tor in firefox, open settings — network — connection,
and add "127.0.0.1:9050" to "SOCKS" column
UYHybc9.png

Also make sure to tick an option at the bottom of "connection settings", to send DNS requests through tor when using SOCKS 5
b3SgqPV.png



Also you can use tor with every application or browser via net/torsocks.
To make any application work through tor, launch it like this:
% torsocks chrome
or
% torsocks xterm
etc...

There is no need in "tor-browser" that is available on windows,
because in fact "tor-browser" is a www/firefox-esr with another icon and few "addons" pre-installed:
https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Tor_Browser said:
The Tor Browser, previously known as the Tor Browser Bundle (TBB), is the flagship product of the Tor Project. It consists of a modified Mozilla Firefox ESR web browser, the TorButton, TorLauncher, NoScript and HTTPS Everywhere Firefox extensions and the Tor proxy.
 
Last edited by a moderator:
When using Tor, there are several important considerations:
1. DNS Leaks: If you use a browser add-on like FoxyProxy or such, the DNS lookups can continue to be made using host's /etc/resolv.conf rather than the Tor network DNS services.
2. As far as I recall, TorBrowser is an integrated package of mozilla browser + www/polipo, where an un-bundled polipo was found to leak certain information (don't recall details).
3. Read about online privacy vs. anonymity (which is a lot more difficult to correctly implement).
4. Seriously consider www/privoxy as a front-end to security/tor and security/obfsclient to obfuscate Tor traffic against DPI (Deep Packet Inspection).

The torproject website is an excellent source of information on all these issues.
 
As far as I recall, TorBrowser is an integrated package of mozilla browser + www/polipo,
Yes, that looks correct. It's just a convenient package that bundles Firefox, polipo and tor in a single package. On FreeBSD you just install and configure all three separately to get the same result.
 
Yeah, even for 'advanced' users it's tricky. But you could always "borrow" a prefs.js from an existing TorBrowser installation.
 
To fully cover the topic, here is a little "how to", for those who want to use www/polipo, a caching web proxy, with www/tor.

1. Install tor and polipo.

2. Edit /usr/local/etc/polipo/config:
Code:
proxyAddress = "127.0.0.1"
proxyPort = 8118
allowedClients = 127.0.0.1
allowedPorts = 1-65535
proxyName = "localhost"
cacheIsShared = false
socksParentProxy = "localhost:9050"
socksProxyType = socks5
diskCacheRoot = ""
localDocumentRoot = ""
disableLocalInterface = true
disableConfiguration = true
dnsUseGethostbyname = yes
disableVia = true
censoredHeaders = from, accept-language
censorReferer = maybe
3. Add
Code:
polipo_enable="YES"
to /etc/rc.conf

4. Start polipo with # service polipo start.

5. Now you are able to use tor with polipo, just change your firefox proxy settings
4Lx1NFf.png


6. Check your current public IP here.
TS6dlx1.png



Disable WebRTC support in firefox, open about:config, and set "media.peerconnection.enabled" to "false".
Use "private" mode in firefox, FF won't save browser history, cache and cookies in this mode.
To start firefox in private mode by default, open about:config, find
"browser.privatebrowsing.autostart" and set it to "true".

Also it is possible to use additional addons, like User Agent Overrider,
to change your user agent string, here is few user agent strings for example:
# BSD
FreeBSD / Firefox 53: Mozilla/5.0 (X11; FreeBSD amd64; rv:53.0) Gecko/20100101 Firefox/53.0

# Linux
Linux / Firefox 53: Mozilla/5.0 (X11; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
Linux / Chrome 57: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

# Mac
Mac / Firefox 53: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:53.0) Gecko/20100101 Firefox/53.0
Mac / Chrome 57: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Mac / Safari 9: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17

# Windows
Windows / Firefox 53: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Windows / Chrome 57: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Windows / IE 10: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

# Android
Android / Firefox 53: Mozilla/5.0 (Android; Mobile; rv:53.0) Gecko/29.0 Firefox/53.0
Android / Chrome 57: Mozilla/5.0 (Linux; Android 4.4.2; Nexus 4 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Mobile Safari/537.36

# iOS
iOS / Chrome 34: Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) CriOS/34.0.1847.18 Mobile/11B554a Safari/9537.53
iOS / Safari 7: Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53

# Others
Google Bot: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Play Station 4: Mozilla/5.0 (PlayStation 4 3.15) AppleWebKit/537.73 (KHTML, like Gecko)
Add them to "User Agent Overrider" settings.

NoScript addon can be useful also, also try HTTPS Everywhere, Disconnect and uBlock...
 
Last edited by a moderator:
I always think about why people would use Tor,

I like it for when I need to check something on Facebook. I'm too embarrassed to go there otherwise. :)

the type of people known to use Tor,

I'm not sure where one would get that information, nor if it's even possible. Do you know? One could, of course, imagine.
 
OJ From what I hear and read, there are a lot of bad and strange people who use Tor for bad and strange things. I've never bothered to look but who writes and controls the Tor software and the servers it goes through? No need to answer but it's like saying you are sending all your financial records via servers in North Korea. I'm not one who would feel comfortable with that.
 
There are perfectly valid reasons to use Tor, not everything Tor is related to doing something "illegal" or nefarious. This is not a discussion about whether or not it can be used to hide illegal actions, this is a thread about setting up Tor. Lets keep it that way.
 
2. As far as I recall, TorBrowser is an integrated package of mozilla browser + www/polipo, where an un-bundled polipo was found to leak certain information (don't recall details).
polipo isn't bundled. Maybe extract Tor Browser for Linux then replace binary components (tor, pluggable transports, patched firefox-esr) with native ones. However, due to lack of sandboxing Linux version running under Linux (not linuxulator) will always be more secure against deanonymizing attacks.

https://www.torproject.org/projects/torbrowser/design/
 
In my opinion if one is going to install Torbrowser in FreeBSD then it should be for research or developmental purposes. If it is for serious security use then it's probably better to use Linux. My personal opsec does not require ultimate security, but I'm time limited and not a professional so just have a separate computer for security use.
 
TL;DR Read handbook, figure out your security and anonymity requirement(s) and/or goal(s), read at links on Tor.

There's also a need to check for things like DNS leaks and using a VPN is recommended.
https://www.dnsleaktest.com/

If it's just experimental, or for some modicum of privacy in the modern age, as most use it for, you probably don't need all the bells and whistles.

However, security-wise, There's always compiling a Xen kernel xen(4)(),
Code:
#Add to your kernel config file for Xen support.
      options XENHVM
       device xenpci
using bHyve bhyve(8)(), or Virtualbox (emulators/virtualbox-ose. I'd recommend an encrypted disk zfs(8)() and geli(8)(). If possible, configure/install with hardened options (ram/swap encryption, disk encryption). Use pf, ipfw, or whatever you're most comfortable with, then just run Tails (linux-OS in a virtual machine).

Maybe best to start with this on OpenBSD, NetBSD, or Mir (which I have virtually know knowledge of).... or even pFsense. Don't use root, etc. etc.
I can't give you specific advise because I don't know your intended designs/requirements, nor am I an expert Tor. Tor guides will generally steer you in a safe direction.... with the exception of Microsoft (and possibly Apple's) keylogging and constant data flow, the most minimal system you can have, hardened, and trusted would provide the best security, along with virtual networking devices, etc. etc. The handbook and man pages are a man's best friend ;) Jails are also another option.

I'd read all of the Security section of the handbook (Chapter 13) (probably a must), 14: Jails, 15: Mandatory Access Control, 29: Firewalls, and 30: Advanced Networking

We can probably help with specefics but it all depends on how much tin foil you need to wear/what you are doing etc.
Breeze through the synopses of the Handbook, figure out a desired setup, and then perhaps we can give better advice.

For ultimate tinfoil hat, hardened NetBSD (I'm not sure about OpenBSD and Xen, but if there's a Xen kernel, maybe OpenBSD)... FreeBSD+Jailed vbox/bhyve+tails+a dns caching server or two, and ZFS and/or NetBSD's upgraded UFS, virtual hosts/networking, VPN (or two, or three)... but TBH tails does a decent job, especially with a VPN, of anonymizing traffic (though, as stated before, anonymous traffic != secure! But with a setup like that, you might just get hired at the NSA, assuming they'll give you any kind of clearance after you start your anti-psychotics.

Oh and if you're worried about security, everything should be wired, no wireless devices. Especially unencrypted keyboards and mice... but also wifi and bluetooth, obviously, kind of defeats the purpose of encrypting things when someone can easily access your encryption keys and everything you've ever typed in your system :D.

Oh! Make sure you're gateway and routers are secure, otherwise, again, what's the point? For that matter, tor has a page for good and bad ISPs.

Do be careful with what you click on and where you browse on Tor. Some hidden services are quite unsavory and I have browsed some but luckily not seen anything so bad that it traumatized me, but it's out there... Pedofiles and the like, who should just be castrated, murder for hire (yup, seen the sights, not sure if they're real, scams, setups, or what, but it's pretty weird to see it), but I think they're a minority of the users. Also tails is very good at paying attention to your nodes, but entry/exit nodes are a whole topic that is well documented on the Tor site itself.

Sorry for long post, haven't been on the forums in forever.
 
Very very useful topic and all the stated configs work like magic.
I've learnt a lot from it.
The queer happening is tha i can't access this thread or the f'bsd forum as ff can't find the address. :oops:
 
bsdnoob
I do not see any benefit of your postings to this old thread except that you quoted a statement that is not the whole story and as such is misleading.

The Tor-Browser is in fact a highly sophisticated configuration of firefox-esr which you won't get just by installing it and adding some addons. What you will miss is the configuration.
 
Per the tor-project site, there's a lot more to anonymous browsing than simply using the onion-ring router as a proxy.

The tor-project site recommends AGAINST ad hoc use of the router with applications that have not been tested.


DuckDuckGo.com Search: using tor site:torproject.org

RESULTS


From the above page,

"There are plenty of other programs you can use with Tor, but we haven't researched the application-level anonymity issues on all of them well enough to be able to recommend a safe configuration. Our wiki has a community-maintained list of instructions for Torifying specific applications. Please add to these lists and help us keep them accurate!

Most people use Tor Browser, which includes everything you need to browse the web safely using Tor. Using Tor with other browsers is [dangerous and not recommended]{https://support.torproject.org/tbb/tbb-9/}"


The tor wiki (https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO) describes issues surrounding the loss of anonymity due to tor-level vs. application-level-protocol leaks.

kot
 
Generally speaking, using Firefox with a local Tor SOCKS proxy is a really bad idea. Tor Browser has many adjustments to prevent leaking all kinds of data, mostly through Javascript. If you disable Javascript you'd probably be okay but I'd still be cautious.

I think the best designs are something like Whonix where the Tor layer is separate from your usage. It'd be on two different VMs or two different machines.
 
What I don't understand is that OBSD have the browser o it's repo and FBSD doesn't. Why is that?
And configuring a FF-ESR with the Tor service and some addons is not the best approach. One should use the official Tor-Browser to access the Tor network.
 
Back
Top