May 132012
 

Journalists, perverts, and activists are no longer the only people having good reasons to anonymize their web browsing. After retention obligations for ISPs and telecom providers, married off as anti-terrorism and anti-crime measures, now the next wave of controversial legislation is being cooked up. PIPA, SOPA, and ACTA have all been developed to protect heavily lobby-driven commercial interests, thereby trampling basic civil rights.

In this article we explain how to anonymize your web browsing, using Tor, Polipo (the successor to Privoxy and Squid), and Vidalia on a Fedora Linux installation.

Installing Tor and Polipo

We start by installing the Tor and Polipo RPM packages tor, tor-core, tor-systemd (formerly tor-lsb), and polipo, for example using the yum package manager:

yum install tor tor-core tor-systemd
yum install polipo

Other (graphical) package managers like Smart or the Gnome Package Manager might be easier to use.

Configuring Tor and Polipo

Then we check the configuration of the Tor server, as specified in the file /etc/tor/torrc, to set which IP address and port it is listening to. Here we make sure that access to the server is only allowed from local applications:

SocksPort 9050
SocksListenAddress 127.0.0.1

Likewise, the configuration for Polipo is specified in the file /etc/polipo/config. We make sure the parent proxy declaration is pointing to the Tor service at port 9050:

socksParentProxy = "localhost:9050"
sockProxyType = socks5

The default port at which Polipo at its turn is offering its service is 8123.

Starting the Tor and Polipo services

Now it’s time to start-up the services we have just configured. On Fedora version 14 we go to the menu System -> Administration -> Services, where we enable and start both tor and polipo.

On Fedora version 16 we use the systemctl command instead:

[root@localhost ~]# systemctl enable tor.service
ln -s '/lib/systemd/system/tor.service' '/etc/systemd/system/multi-user.target.wants/tor.service'
[root@localhost ~]# systemctl start tor.service
[root@localhost ~]# systemctl enable polipo.service
polipo.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig polipo on
[root@localhost ~]# systemctl start polipo.service

Polipo refused to start the first time, complaining about the log file not being accessible:

[root@berdoo ~]# service polipo start
Starting polipo: Couldn't open log file /var/log/polipo: Permission denied
                                                            [FAILED]

It turned out the log file was not there, so we created it by hand:

touch /var/log/polipo
chmod 640 /var/log/polipo
chown polipo:polipo /var/log/polipo

after which this issue was solved.

Now these two proxy servers should be running smoothly, providing a SOCKS5 entrance for local web applications to connect to.

Installing FoxyProxy for Firefox

We could simply specify a permanent proxy setting in our browser configuration, but we rather install a proxy manager instead. The Tor project used to provide the Torbutton add-on for Firefox, but it is no longer being maintained. So instead we install the FoxyProxy Standard add-on, allowing us to manage our proxy settings both dynamically and manually.

The configuration of the new proxy is straightforward. Clicking to Tools -> FoxyProxy Standard -> Options brings us to the configuration window where we click Proxies -> Add New Proxy.

In the General tab we set the new Proxy Name to “Tor+Polipo” and the colour to green (“#00E555” for Fedora version 16 and “#00E654” for version 14).

In the Proxy Detail tab we select Manual Proxy Configuration, and we set the Host or IP Address to “localhost” and the Port to “9050“. Then we enable the SOCKS proxy, setting it to “SOCKS v5“.

Finally, in the URL Patterns tab we enable Do not use this proxy for internal IP addresses.

After we have created the new proxy configuration, we set the Select Mode to “Use proxy “Tor+Polipo” for all URLs“, routing all our web traffic through the anonymizer.

We can verify that the IP address a web server is seeing (i.e. is receiving our request from) is not our own by browsing to this site:

http://www.whatismyip.com/

As you will soon learn, browsing this way is a lot slower than connecting directly. Fortunately, the proxy can quickly be disabled and enabled again through the FoxyProxy button in the browser window or through the menu Tools -> FoxyProxy Standard.

Vidalia

Vidalia, also readily available as part of our Fedora Linux distribution, provides a graphical user interface to the Tor server and configuration. After installation:

rpm install vidalia

the application is immediately available through the application menus: Applications -> Internet -> Vidalia.

At first start-up, the program complains about not being able to connect to the Tor network (since it is already running).

We ignore these messages for now, and click Settings -> General, where we disable “Start the Tor software when Vidalia starts“.

For Vidalia to be able to access the Tor server, we need to go back to the configuration file /etc/tor/torrc, where we open up the control port.

ControlPort 9051
HashedControlPassword 16:E497A47784FEF65B60CBC46401790C54EBB83EF716FD1E4C100DFC0D1D

The hashed password can be generated from a plain password on the command line:

[root@berdoo ~]# tor --hash-password <SecretTorControlPassword>
May 13 14:30:38.333 [notice] Tor v0.2.1.30. This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
May 13 14:30:38.333 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
16:E497A47784FEF65B60CBC46401790C54EBB83EF716FD1E4C100DFC0D1D

After restarting the Tor server (on Fedora version 16):

systemctl restart tor.service

or (on Fedora 14):

service tor restart

we enter these settings in Vidalia: Settings -> Advanced: Tor Control.

And that completes our installation

making all sorts of management information from the Tor network available through the Vidalia interface.

The Tor Browser Bundle

For people not wanting to go through this laborious configuration, the Tor project offers a ready-to-run Firefox installation. The Tor Browser Bundle needs only be unpacked to be installed in your home directory. After that, the tweaked Firefox browser can be started from the command line immediately.

 

  One Response to “Anonymous Web Browsing: Installing Tor, Polipo, and Vidalia on Fedora”

Leave a Reply