Additional Info





I have been complimented many times and they always embarrass me; I always feel that they have not said enough. (Mark Twain)

A crowded police docket is the surest of all signs that trade is brisk and money plenty. (Mark Twain)








This post tagged:



Share

Tor Bundle for Mac OS X

I'm sure some people have reasons to want to hide their true identity when browsing the internet. Some of the reasons that immediately come to mind involve illegal or immoral activity, but really there are legitimate reasons. Tor users aren't necessarily shady characters or people prone to wearing tin-foil hats.

I downloaded the Vidalia Bundle for OS X. This includes Tor, Vidalia (a Tor GUI ), Torbutton (a Firefox tool to control your use of Tor), and Privoxy (a filtering web proxy) into one package, with everything ready to work together. You'll find full instructions for that bundle at http://www.torproject.org/docs/tor-doc-osx.html.en.

You need to have Firefox shutdown while doing the install because it starts up another copy to add Torbutton. You are also asked to reboot. That always raises my eyebrows: just WHAT did you do to my system that requires a restart? A proxy server shouldn't have to hook very deeply into the OS - it just needs to sit on a port. Why the restart? I don't like that..

I could not get Torbutton to work. I couldn't even get it to show its buttons and while I did have it installed it prevented Firefox from closing down. This may be because I use NoScript; Torbutton flat out states that they don't like Noscript:


Torbutton currently mitigates all known anonymity issues with Javascript. While it may be tempting to get better security by disabling Javascript for certain sites, you are far better off with an all-or-nothing approach. NoScript is exceedingly complicated, and has many subtleties that can surprise even advanced users. For example, addons.mozilla.org verifies extension integrity via Javascript over https, but downloads them in the clear. Not adding it to your whitelist effectively means you are pulling down unverified extensions. Worse still, using NoScript can actually disable protections that Torbutton itself provides via Javascript, yet still allow malicious exit nodes to compromise your anonymity via the default whitelist (which they can spoof to inject any script they want).

I really can't agree that I'm better off with all or nothing, but there it is. As Torbutton is largely convenience anyway, and as I really have no plans to use Tor extensively anyway, I decided not to pursue the reasons for this failure and just configured Firefox preferences to use localhost:8118 as its proxy. That was simple for Firefox and Opera, but Safari doesn't specify proxies directly. It calls up the OS X network preference pane instead. I could not make that work except for Safari. That is, if I configured my Ethernet connection to use the proxy, Safari would use it but Opera and Firefox would not. That seems wrong.. I would have expected the Ethernet configuration to affect everything, but it didn't.

I think I'd rather have per-browser configuration anyway. If I did have reason to use Tor, I'd probably use it with one specific browser rather than wanting to use it for everything.

But as I said, I have no pressing reason to use Tor anyway. It might be handy now and then if I were testing web scripts that key on IP, but that doesn't come up very often. I just can't think of any other reason I need this.

How about the rest of you? Do you use Tor for anything specific? Or is this conspiracy theorist realm for you?

Be sure to read Why you need balls of steel to operate a Tor exit node if you are thinking about Tor.

There are real risks involved. Your risks from NOT using this would have to be very high before you should consider this. This isn't for some paranoid tin foil hat type who thinks the government cares about their private browsing.

This post describes Tor Hidden Web Service. Comments, Tips for Linux.



Got something to add? Send me email.





(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Tor Bundle for Mac OS X


7 comments



Increase ad revenue 50-250% with Ezoic


More Articles by

Find me on Google+

© Anthony Lawrence







Mon Mar 23 16:21:08 2009: 5825   CorkyAgain

gravatar
I tried Tor a few years ago. It's too slow. Most of the time, my packets were being routed through servers in Europe. I couldn't find any way to configure it so it would only use servers in North America. That would have helped speed things up, since I'm in the US and so are most of the sites I browse. If there's a way to do that, perhaps some other commenter can explain how.

I've also heard that Tor users might be vulnerable to man-in-the-middle attacks by unscrupulous node operators. I don't know if that's true, but it's something to think about.



Mon Mar 23 16:22:57 2009: 5826   TonyLawrence

gravatar
I didn't notice any unusual slowness, but I just don't need this..



Mon Mar 23 21:56:42 2009: 5827   BrettLegree

gravatar
I run a Tor server on one of my machines, just in case someone :) might need to use it. The information wants to be free, and I want to help out our friends from some of the questionable regimes...



Mon Mar 23 22:52:33 2009: 5828   yungchin

gravatar
CorkyAgain: there were some rumours about that - (link) - I don't know how they resolved it.

Also, for a related recent read: (link)



Mon Mar 23 22:56:19 2009: 5829   TonyLawrence

gravatar
Uggh. Scary.



Mon Mar 23 22:57:01 2009: 5830   BrettLegree

gravatar
@yungchin,

Good point about the exit nodes. I've thought about that before, and then I figured if it ever happened to me, I'd get a good lawyer - here's why - if it ends up passing through my network, it has also passed through my ISP's network - so they are just as guilty as I am... assuming I'm guilty, that is.

Since I did not request the data in question, nor did my ISP, how am I any more responsible than my ISP?

(Yeah, the little guy never wins, but sometimes he does.)



Fri Feb 4 15:06:55 2011: 9277   TonyLawrence

gravatar


More on exit nodes: (link)

Too much hassle for me. As I said before, I don't need this anyway.

------------------------
Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us