On Friday 26 April 2019 20:30:42 William Morder wrote: > On Friday 26 April 2019 09:37:05 andre_debian@... wrote: > > > > Not so easy to use it, I only need as anonymous navigator. > Okay, so I apologize in advance for the length, but I tried to cover all the > steps. Here, I realize, it may look like a bit much; and I didn't just jump > into this all at once. This is the accumulation of research and experience > of using tork-trinity (or its earlier KDE3 version) since about 2005 or > thereabouts. And I am sure that there are a dozen or more people reading the > Trinity mailing list, who know better than I about some of this. (And please > add your own tested recipes!) Make small changes, one thing at a time, until > you get it configured as you want. > I am running Devuan Jessie, but this is close enough to Debian Stretch, > and ought to work for you. And anyway, I am trying to move up to Stretch or > Buster ASAP. > Yes, you do need to install privoxy, although tor can use some other > proxies, such as polipo, etc.; but I haven't tried them. > 1. You need to make sure that you have certain packages installed in order > to get full functionality. > These are all the packages that I have installed specifically for > tor/tork/privoxy. It is especially important that you get everything for > libevent and geoip, torsocks (or maybe tsocks on some systems, but torsocks > is newer); you can probably do without anything dbg or dev. I tend to do > overkill, and try out everything, then discard later. > sudo apt-get install apt-transport-https apt-transport-tor geoclue geoip-bin > geoip-database-extra libanyevent-perl libevent-core libevent-dbg > libevent-dev > libevent-execflow-perl libevent-extra libevent-loop-ruby libevent-openssl > libevent-perl libevent-pthreads libevent-rpc-perl libeventviews4 > libgeocode-glib0 libghc-socks-dev libghc-socks-prof libghc-vector-dev > libghc-vector-doc libghc-vector-prof libkimproxy4 libseccomp2 privoxy > python-geoip python-torctl tor tor-arm tor-geoipdb tork-data-trinity > tork-trinity torsocks tzdata tzdata-java > You don't need these, but maybe you'll want to try them out, just because. > sudo apt-get install myproxy myproxy-admin myproxy-dbg myproxy-server > obfs4proxy obfsproxy ocproxy onionshare torbrowser-launcher torchat > 2. It is good to have sysv-rc-conf installed (as mentioned previously), so > that you can disable tor and privoxy from starting up automatically. Disable > all lines for both tor and privoxy; otherwise, run "pkill tor | pkill > privoxy"; but it's a bother to do this every time. > 3. Once you have the packages you need, run the first-run wizard. First time > you start it up, run as client, then configure as you wish; but I generally > choose custom or "configure myself". Make sure that you are set up to run > socks5. > 4. When tork is up and running, click on <settings> and <configure tork>. > Under <My Tor Client>, you want to set a password (study up on password > security, if you haven't done so already). Under <Network View>, you will > find categories where you can set servers to avoid, or those that you prefer > as exit servers. If this is your first run, these ought to be empty. You > click okay, and it's running. > Now you want to find those servers that you prefer; and later, you'll > discover some that you might want to avoid. > You ought to see four columns: <Anonymize>, <Tor Network>, <Tor Log>, and > <Traffic Log>. Click on <Tor Network>, then look at the top for <Servers>. > Click on that, and you'll see a list of options. I currently click the > choices for Valid, Fast, Exit, Running, Guard, Stable. > (The others don't work > so well.) Once you have clicked on these choices, you'll see that your list > of servers at the left have all turned green, and all say exit. Hit ctrl-A, > and capture (like copying text), then right-click, choose > [* see below] "From > now on", then either "Always use server as exit" or "Try to use server as > exit". If you go back into Settings/Configure Tork/My Network View/Preferred > Exit Servers, you will now see that your list is filled with preferred exit > servers, all the ones that got branded with the green onion. > You'll also note that there is a little box that reads "Use only these > servers for exit"; which corresponds to that choice you made above.* > 5. Another thing that you can do is to change your apparent location, by > choosing in what country you want your exit server. If the EU blocks you > from reading the LATimes or Washington Post (for example), > you can change your server to a US server. > 6. Now your tork-trinity ought to be all set up to manage tor; and this is > just fine for browsing. But if you just wanted to use it for browsing, you > wouldn't go to all this trouble; and there are so many more neat things that > you can do now. > Click on Anonymize, and you'll see one-click choices for anonymizing > Firefox, Kopete, Pidgin, etc. (This varies according on what you have > installed, and not everything shows up; Opera shows up, but not > Icecat or PaleMoon; Kopete and Pidgin show up, but not other chat programs.) > Farther down that list, though, is where you can do some weirder stuff. > 7. Anonymous SSH Session - or, occasional god-like powers > Click on this, and you will have secure shells in Konsole, which is nice for > torifying various programs; for example, torrents, some browsers (arora, > midori, etc.) I torify xmms over the ssh session. Also, I can download with > wget, curl, youtube-dl, etc. I can do whois lookups over the ssh, and so on. > (This is useful if you get blocked from certain sites for using Tor, yet you > might also be blocked because you live in the "wrong" country. If you torify > your program, you can sometimes have your cake and eat it, too.) In order to > torify, just put that word into your command, usually preceding the usual > command; e.g.: > torify youtube-dl -v -c -f mp4 --no-check-certificate -R 999999 > torify wget -c -t 0 --retry-connrefused --no-check-certificate > 8. Anonymous Shell for Command-line Programs using HTTP/HTTPS > I use it for downloading deb packages, etc., but there are other uses. > In this case, instead of "sudo apt-get install" (for example), the > command changes to "sudo torify apt-get install"; and modify > accordingly for other apt commands. > 9. There are also some configuration files that I use to modify my firewall, > tor and privoxy. I use firestarter as my firewall, because I can watch > activity in real time, rather than opening a log file all the time; however, > I also disable ipv6, which takes some more doing. I don't know if the > user-pre file can be adapted to other firewalls, or iptables, etc. > 10. See attachments for config files. Here are locations for those files: > /etc/privoxy/config > /etc/tor/torrc > /etc/tor/torsocks.conf > /etc/firestarter/user-pre > (NOTE that I got these configurations from somewhere on the torproject > website, though I don't remember the links now.) > Not everybody cares if the Man knows that they play chess or watch cat > videos; > but maybe people live in places where normal innocent behavior has become > suspect. > I know this seems like a lot; and it is a lot of trouble, if all you want to > do is read the LATimes and WaPo where you live. > But once you have figured out > how to torify various programs, or to run hidden services (not there myself > yet), then I feel sure that you will start to think about other > possibilities. > For example, I run my own online radio station, but I cannot listen to it > over > a proxy, unless I torify xmms; and then it works fine. Or maybe I want to > look up my local TV listings, but I don't really want to get advertising > based on my viewing habits. Or I want to watch a YouTube video, but I find > that it is not available in various countries. > I hope that this gives you a good start with tork. It is definitely a > program worth keeping around. Bill Long answer, so good, precise, thanks Bill. Now, I have to try ASAP... Good labor day tomorrow (1st may). andré