Tor (which stands for The Onion Router), is a powerful anonymity service originally developed by the US Navy, which helps protect citizens around the world from abuse and monitoring. A VPN also offers the same service, if you’re not familiar with the tool, you can read about the VPN meaning here.

Most people use Tor via the Tor Browser, which simplifies setup, and I encourage you to use that where you can. This article discusses going one step further, and routing all traffic through Tor via the use of a HTTP proxy.

In the UK, the passage of the disastrous #IPBill places everyone under suspicionless surveillance, and I have client confidentiality to consider. So, as a matter of due diligence, I wanted to ensure that when my ISP’s surveillance database was inevitably hacked, the information the Russian Mafia got was of limited use.

This was easy enough to set up.

Install and configure Tor

The first step is to install Tor; not the browser, but the software the browser talks to in order to make it’s connection. On Debian based systems, apt-get install tor.

Tor comes with a SOCKS proxy, so enable support by editing /etc/tor/torrc and uncomment the line:

SocksPort 9050

If this is a network server, you may want to enable an external proxy on your network as well (for example, I have an always on Raspberry Pi running a tor proxy for all the various iOS devices on my home network).

Chain a simple HTTP Proxy

Once that’s done, you’ll have a SOCKS proxy up and running that’ll route anything it gets through Tor. Many things (e.g. the aforementioned iOS devices) won’t talk SOCKS. To solve this, I use a light weight HTTP proxy called polipo to create a HTTP proxy wrapper for Tor’s SOCKS proxy.

Install polipo: apt-get install polipo

Then configure the proxy to chain to Tor’s SOCKS proxy, modify /etc/polipo/config:

...

allowedClients = 127.0.0.1, 192.168.1.0/24 # Expose your network (modify accordingly)

socksParentProxy = "localhost:9050"
socksProxyType = socks5

proxyAddress = "0.0.0.0"    # IPv4 only

...

On my Raspberry Pi, I also disable the caching by adding diskCacheRoot = "" to the config, as this prevents polipo from filling up the SD card and breaking the proxy.

Restart both tor and polipo, and now you should have both a tor SOCKS and HTTP proxy.

Change your browser settings

Finally, you need to configure your browser (or your entire system) to use this proxy. This is different depending on what you’re using, but on Ubuntu you can set global proxy settings in your system settings, which will route all traffic over your new proxy (default port 8123).

iOS devices have a per-network proxy configuration found in your wireless network configuration (click on the little “i” icon).

Verify everything is working by visiting check.torproject.org.

Our economy is officially in the grip of the much feared double dip recession, and since we’re all in it together it is our duty to save the country money wherever we can. We’re in the big society after all!

So, since the government’s plan to spy on every UK citizen’s email, IM and phone calls is going cost billions of pounds that could be better spent murdering brown people or giving the Queen a nice new boat for her jubilee, National “CC your emails to Theresa May” day hopes to save the government the cost by encouraging patriotic citizens such as yourself to simply forward all your emails to our beloved big sister!

Anyone know her cell number so I can conference her in to my meetings tomorrow as well?

I asked this question over on Hacker News, as well as Quora, but I thought I’d also ask it here…

The UK plans to intercept all electronic communication. They currently don’t plan to snoop on content, but as noted elsewhere connection data is just as invasive.

To me this is both a civil liberties and business risk problem. I view my list of business contacts as confidential information and I don’t trust the government not to leave this information on a train somewhere.

Legal solutions are one thing, but the snoops keep raising their heads, so my feeling is that we need to actually find a way to make this sort of thing technically impossible.

Content encryption is already largely solved, although for email we still need a critical mass of people using PGP or similar.

VPNs just seems to push the problem to another jurisdiction, and if this is an agenda all governments will one day pursue, this will become decreasingly useful.

What can an individual do to protect content and connection data? Onion routing for mail servers? Do technical solutions rely on everyone doing it and so are unlikely to get much traction?

So what are your thoughts? What can we build?