Wednesday, 13 November 2013

How-to: Install TOR on Debian


You may recall I talked about privacy matters a while ago, and about the use of TOR in particular  to preserve your anonimity on line. Now that we've had the whole Snowden/NSA snooping scandal, it seems like our privacy is precious enough to take another look.

Enter the TOR Project: https://www.torproject.org/, in full, The Onion Router, which is a network of volunteer servers through which encrypted traffic is randomly routed so as to be (mostly) untraceable back to the originator.

It prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

This may not be the most elegant way to install TOR on Debian, but it works for me so here goes...


Firstly, do not use the packages in Ubuntu's repositories, there have been update issues so you could be missing stability and security fixes.

Instead, set up the TOR package repository appropriate to your distribution, which is done by name; run lsb_release -c
or
cat /etc/debian_version.
Results will be any of:

  1. Debian unstable (sid) is "sid" 
  2. Debian 7.0 (wheezy) is "wheezy" 
  3. Debian 6.0 (squeeze) is "squeeze"
Then add this line to your /etc/apt/sources.list file:

deb http://deb.torproject.org/torproject.org main

Refresh your package sources:

sudo apt-get update

If there are no errors you're good to continue.

The TOR project provides a Debian package to help keep the signing key current. You can install it using

apt-get install deb.torproject.org-keyring

And finally, to install Tor, run:

apt-get install tor

This will install the base Tor service layer.

Installing the Tor client
The easiest way to do this for anonymised web browsing is to simply download the Tor Browser Bundle. It comes with a ready configured Tor base and a Firefox browser which has been patched for better anonymity.

For instant messaging, Jabber, IRC, etc, although you can point your application directly at Tor (localhost port 9050), this isn't all that safe and needs a separate tutorial. Liekwise, if you have a personal firewall that limits your computer's ability to connect to itself you will need to allow connections from your local applications to Tor.

What is the Tor Browser Bundle?
The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.

Download the appropriate file in your language, then run one of the following two commands to extract the package archive to /a location from whence it will run/ (do not unpack or run TBB as root):

tar -xvzf tor-browser-gnu-linux-i686-2.3.25-14-dev-en-US.tar.gz

or (for the 64-bit version):

tar -xvzf tor-browser-gnu-linux-x86_64-2.3.25-14-dev-en-US.tar.gz 


Once that's done, switch to the Tor browser directory by running:
cd tor-browser_en-US

To run the Tor Browser Bundle, execute the start-tor-browser script:
 

./start-tor-browser 

This will launch Vidalia and once that connects to Tor, it will launch it's own Firefox instance into a homepage giving your TOR status and IP address. Happy browsing!

Configure TOR as a relay. 

The Tor network relies on volunteers to donate bandwidth. Having relays in many different places on the Internet is what makes Tor users secure. You may also get stronger anonymity yourself, since remote sites can't know whether connections originated at your computer or were relayed from others. 

The more people who run relays, the faster the Tor network will be. If you have at least 50 KiloBytes/s each way, you can help out Tor by configuring your Tor to be a relay too. There are built-in features that make Tor relays easy and convenient, including rate limiting for bandwidth, and support for dynamic IP addresses.

2 comments:

  1. Go to tor browser download that is where I found the original post it has a good link to the free download.

    ReplyDelete
  2. Sarah: yes, that also works and I've been using it to get updates since I posted this.

    ReplyDelete

At least try to be nice, it won't kill you...