Trilight Zone

[trihub]

Article by Tony Lawrence
Source: http://aplawrence.com


I'm sure some people have reasons to want to hide their true identity when browsing the internet. Some of the reasons that immediately come to mind involve illegal or immoral activity, but really there are legitimate reasons. Tor users aren't necessarily shady characters or people prone to wearing tin-foil hats.

I downloaded the Vidalia Bundle for OS X. This includes Tor, Vidalia (a Tor GUI ), Torbutton (a Firefox tool to control your use of Tor), and Privoxy (a filtering web proxy) into one package, with everything ready to work together. You'll find full instructions for that bundle at http://www.torproject.org/docs/tor-doc-osx.html.en.


You need to have Firefox shutdown while doing the install because it starts up another copy to add Torbutton. You are also asked to reboot. That always raises my eyebrows: just WHAT did you do to my system that requires a restart? A proxy server shouldn't have to hook very deeply into the OS - it just needs to sit on a port. Why the restart? I don't like that..

I could not get Torbutton to work. I couldn't even get it to show its buttons and while I did have it installed it prevented Firefox from closing down. This may be because I use NoScript; Torbutton flat out states that they don't like Noscript:

Torbutton currently mitigates all known anonymity issues with Javascript. While it may be tempting to get better security by disabling Javascript for certain sites, you are far better off with an all-or-nothing approach. NoScript is exceedingly complicated, and has many subtleties that can surprise even advanced users. For example, addons.mozilla.org verifies extension integrity via Javascript over https, but downloads them in the clear. Not adding it to your whitelist effectively means you are pulling down unverified extensions. Worse still, using NoScript can actually disable protections that Torbutton itself provides via Javascript, yet still allow malicious exit nodes to compromise your anonymity via the default whitelist (which they can spoof to inject any script they want).


I really can't agree that I'm better off with all or nothing, but there it is. As Torbutton is largely convenience anyway, and as I really have no plans to use Tor extensively anyway, I decided not to pursue the reasons for this failure and just configured Firefox preferences to use localhost:8118 as its proxy. That was simple for Firefox and Opera, but Safari doesn't specify proxies directly. It calls up the OS X network preference pane instead. I could not make that work except for Safari. That is, if I configured my Ethernet connection to use the proxy, Safari would use it but Opera and Firefox would not. That seems wrong.. I would have expected the Ethernet configuration to affect everything, but it didn't.

I think I'd rather have per-browser configuration anyway. If I did have reason to use Tor, I'd probably use it with one specific browser rather than wanting to use it for everything.

But as I said, I have no pressing reason to use Tor anyway. It might be handy now and then if I were testing web scripts that key on IP, but that doesn't come up very often. I just can't think of any other reason I need this.

How about the rest of you? Do you use Tor for anything specific? Or is this conspiracy theorist realm for you?