Privoxy + Tor Questions

[Beeblebrox]

I have my privoxy + tor setup and running, but I had several questions to which I have not been able to find good answers, so here goes:

1. Why is privoxy preferred in the tor setup over squid? It seems squid has more features (caching) and can certainly forward socks. Is it due to DNS leaks?

2. If I specify in torrc any of the following, tor cannot start. The folder configs give permission problems, while specifying a user results in "must start as root" mesage. The proxy has the daemon flag set, so the process daemonises to the background.

Log notice file /var/log/tor/notices.log  # folder permissions (_tor:_tor)
DataDirectory /var/lib/tor  # folder permissions (root:wheel - mod 700)
User _tor
Group _tor

3. Does anyone have any experience with with multiple node setup explained in the link? Can anyone give an opinion about the effectiveness / speed? I assume nodes can be lowered to 4 or 6? http://www.howtoforge.com/ultimate-security-proxy-with-tor
The start-up scripts given at end of the page are problematic for FreeBSD though; I tried unsuccessfully to modify the script myself and privoxy refused to start.

4. Since torbutton extension does not currently work with firefox-4 or on other browsers, I need to use separate proxy settings with separate browsers. I would still like all browsers to go through privoxy though, and only need to enable / disable the socks settings on the browser proxy configuration. However, since privoxy is told in the config file to listen for socks, the browser / privoxy are always deferring to tor as a default. How can I set privoxy ONLY (without tor) from browser settings, without disabling the socks listen in privoxy?

 

[SirDice]

1) it isn't. The bundled tor distribution even includes polipo instead of privoxy.

2) My torrc is bog standard, no editing required.

3) Can't comment on that.

4) Alternatively you could use FoxyProxy which does work with Firefox 4.0.

 

[Beeblebrox]

Hi, Sir Dice.

1. I have read a certain number of "dislikes" about polipo, but have never tried it. Squid however includes caching so I would prefer it, if it has same functionality with privoxy/polipo.

2. Editing is required on my side if I want to do #3!!

4. The problem is not "the button" really. Let's say I want to use midori or epiphany and I want it to go through privoxy/polipo but not tor. If in the browser setting I set socks proxy value as "null & 0", it does not work as privoxy forwards to socks anyway.

 

[flyweight]

First tell Squid 3.1 to use privoxy as parent.

/usr/local/etc/squid/squid.conf

cache_peer localhost parent 8118 7 no-digest no-query
never_direct allow all

Then forward requests to tor !!!don't forget the dot!!!

/usr/local/etc/privoxy/config

forward-socks4a / 127.0.0.1:9050 .

Also hide Tor exit notation in the Host and Referer Header.

/usr/local/etc/privoxy/default.action

{+client-header-filter{hide-tor-exit-notation}}
/
+hide-referrer{forge}

In my case squid is listening on port 8888 and my browsers are configured on

localhost:8888

for http requests.

After configuration I always do a Tor test. But remember that tor is experimental and you can't rely on it fully. Today I did a Browser Information Test on various websites and I could see my own IP once which is bad.

 

[Beeblebrox]

Hi, flyweight:

Already using socks5 on privoxy and referrer, header etc are changed. My point is, why chain squid -> privoxy in the first place? squid has socks5 capability and more (including privacy, even if privoxy is much better in this regard). What am I missing if I just go with sock5/4a in squid?

My second point is admittedly harder and now that I think of it, will require a second privoxy node: I want to toggle privoxy's (or other proxy) socks on a per browser basis. So I might be using one browser with privoxy + tor while using another browser with privoxy only! And I just answered my own #4.

Therefore, how to get #3 in original post working - this I'll have to look up scripting rules obviously.

 

[flyweight]

I use Privoxy only for additional header stripping, but it isn't working as expected. If you use the Gnome-config-deamon you could set system-wide proxy settings in a Gnome session.

I use the gnome-config-daemon on Openbox and have set up IP aliases for my net interface and also set additional hostnames in /etc/hosts. This makes the proxy configuration easier.

tor.hostname.domain privoxy.hostname.domain squid.hostname.domain

When I test my browser on some sites I can still see the HTTP-referrer header. Squid Privoxy and tor are all working. Do you have any tips?

 

[Beeblebrox]

@ flyweight: Sorry, not much I can offer on your problem. I stopped tweaking my privoxy when I decided I wanted to first clearly understand "what is privoxy doing that squid is unable to?"

 

[bes]

Since torbutton extension does not currently work with firefox-4..

BTW, current alpha version: Torbutton 1.3.2-alpha works with firefox-4. You can install alpha from torproject website.