Sunday, August 11, 2013

Tor for Your PowerPC Mac

*UPDATE BELOW*

A while ago I wrote a post on Tor for Tiger, but since it's outdated it's time to update. In fact, I plan to follow this post with more privacy tips, including how to encrypt your email in Mail.app and TenFourBird. But for this post the focus will be on Tor.

Unless you've been under a rock, you know the NSA is collecting it all and seeking to keep permanent records of all your internet activity (cringe). While not alarming to most individuals in an immediate sense, just the awareness of all this cataloguing can have a chilling effect on how we think and act and can stifle a lot of the creativity and risk-taking that make a free society thrive. Unless you think East Germany was a model of creativity and innovation. Okay, they did use creative methods to win Olympic gold medals, but my larger point stands.

And it's not just the NSA. Many governments take a stalker's interest in what you're doing on the internet, and there are times when we need to protect ourselves. Case in point: bloggers. If you have something to say but are afraid of getting arrested (or sued), Tor will help you stay anonymous by running your traffic through proxies and masking your real identity, i.e. your IP address.

Normally the Tor Project recommends users download their browser bundle, which is the current Firefox ESR specially configured with Tor, but since they're no longer compiled for PowerPC, that puts us in a bit of a jam. Fortunately you don't need the bundle. You can just install Tor and configure your browser manually. On OS X you can install Tor with Tigerbrew or MacPorts. On Linux, just use apt-get or aptitude to install it.

For OS X, you start up Tor by entering tor in the terminal (you can also set it as a launch daemon on startup, though I've read tor has trouble regaining connections after OS X wakes from sleep). It'll give you a bunch of output messages as it establishes a connection, and once that's done, you can go to TenFourFox's Preferences-->Advanced-->Network and click the Settings button next to "Configure how TenFourFox connects to the internet". Select "Manual proxy configuration" (remember, to switch back click "Use system proxy settings") and for "SOCKS Host" enter 127.0.0.1 and 9050 for the port. Also, where it says "No Proxy for:" enter "localhost, 127.0.0.1".

[Image: TenFourFox proxy settings]

Now you should be ready to browse anonymously, so go to https://check.torproject.org and it should say in bright green, "Congratulations. Your browser is configured to use Tor."

Good news, but it doesn't mean you're necessarily safe (see update below for additional information). There are certain precautions to take when using Tor, like running NoScript, which blocks all JavaScript by default. It was recently discovered that someone, presumably with the FBI or NSA, used a JavaScript hack to obtain Tor users' real IP addresses because they didn't have JavaScript disabled. That's fine for breaking up kiddie porn rings, but not so fine for the rest of us. So run NoScript. Also, do change your User Agent string. If it has Tiger or PPC in it, it'll make you stick out like a sore thumb. The default user agent for Tor Browser Bundle is currently "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0" and you can find how to change it in various browsers including Firefox here (or, more conveniently, there's the User Agent Switcher add-on). And one more thing, make sure Tor and your browser are updated.

On Linux, Tor automatically runs as a daemon after install, so you don't need to start it up in a terminal, but the TenFourFox instructions above apply to Iceweasel.

Also, you can set up OS X's Network Preferences to use Tor as a system-wide proxy for other applications by following steps 3 & 4 here, but I'm not sure how secure that is if the software we're talking about is no longer supported. You can torify TenFourBird by using the TorBirdy add-on instead.

Last thing I'll mention, if you don't want to use Tor all the time but want all your searches anonymous, one option is DuckDuckGo, but if you like Google better, there's Startpage. It gives you the same search results as Google, but it's done through a proxy so Google has no idea who you are. The plugin for your TenFourFox search bar is here, and many more search plugins are found here.

UPDATE: Apparently with the above TenFourFox/Iceweasel configuration, there is the threat of DNS leaks. The warning message is this:

[warn] Your application (using socks5 to port 443) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.

This can be corrected in TenFourFox and Iceweasel by going into about:config and changing network.proxy.socks_remote_dns to true. This forces DNS requests through the proxy, and the warning will disappear. Alternatively, you could install Privoxy and set it to use Socks4A like the warning recommends. This will protect you in applications other than your browser as well.
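Why the warning appears, as an added example (not code from the original post or from the Tor Project): it builds the SOCKS CONNECT requests a browser would send with network.proxy.socks_remote_dns off and on, plus the Socks4A form, and classifies each the way the proxy sees it. The function names and the 192.0.2.10 sample address are assumptions made up for illustration.

```python
import ipaddress
import struct

def socks5_connect(dest, port):
    """Build a SOCKS5 CONNECT request (RFC 1928) for a hostname or an IP literal."""
    head = b"\x05\x01\x00"                       # VER=5, CMD=CONNECT, RSV=0
    try:
        ip = ipaddress.ip_address(dest)          # app already resolved the name
        atyp = b"\x01" if ip.version == 4 else b"\x04"
        addr = ip.packed
    except ValueError:                           # not an IP literal: send the name
        name = dest.encode("idna")
        atyp, addr = b"\x03", bytes([len(name)]) + name
    return head + atyp + addr + struct.pack(">H", port)

def socks4a_connect(hostname, port):
    """Build a SOCKS4a CONNECT request: dummy IP 0.0.0.1, empty user id, hostname."""
    return (b"\x04\x01" + struct.pack(">H", port) + b"\x00\x00\x00\x01"
            + b"\x00" + hostname.encode("idna") + b"\x00")

def classify(request):
    """Return (verdict, destination) as the proxy sees the request."""
    if request[0] == 5:
        atyp, body = request[3], request[4:-2]   # strip header and 2-byte port
        if atyp == 3:                            # domain name: proxy resolves it
            return "remote-dns", body[1:1 + body[0]].decode("ascii")
        return "ip-only", str(ipaddress.ip_address(body))
    if request[0] == 4:
        ip, rest = request[4:8], request[8:]
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # 0.0.0.x marks SOCKS4a
            _userid, host, _ = rest.split(b"\x00", 2)
            return "remote-dns", host.decode("ascii")
        return "ip-only", str(ipaddress.ip_address(ip))
    raise ValueError("not a SOCKS4/5 CONNECT request")

# Constructed samples: 192.0.2.10 stands in for an address the browser
# looked up itself before talking to the proxy.
SAMPLES = {
    "socks5, socks_remote_dns=false": socks5_connect("192.0.2.10", 443),
    "socks5, socks_remote_dns=true": socks5_connect("check.torproject.org", 443),
    "socks4a": socks4a_connect("check.torproject.org", 443),
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(label, classify(req))
```

An "ip-only" verdict is the case Tor warns about: the hostname lookup already happened outside the proxy, so the local resolver saw which site was requested.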

Incidentally, to avoid having to change all these preferences between Tor and non-Tor sessions, you can create a second profile in TenFourFox for just your Tor preferences/add-ons. I experienced a bug in the GUI Profile Manager, so I created a new profile in the command line with this:

/Applications/TenFourFox7450.app/Contents/MacOS/firefox-bin -CreateProfile Tor

where Tor is the name of my new profile, and TenFourFox7450.app is the name of the app in my Applications folder (yours may be different depending on your processor type). Now I have two profiles to choose from, default and Tor. To choose which one at startup, enter in the command line:

/Applications/TenFourFox7450.app/Contents/MacOS/firefox-bin -p

to bring up the Profile Manager window. Uncheck the "Don't ask at startup" box and the Profile Manager will appear every time you start up TenFourFox, allowing you to choose.

There weren't any bugs in Iceweasel's Profile Manager, which you can simply invoke with iceweasel -p.

5 comments:

  1. Thanks for another insightful post. Your blog is certainly THE go-to destination for macppc users, both new and old. :)

  2. Tor Browser Bundle available from
    https://sourceforge.net/projects/osxpowerpcpackages/

  3. New version: 3.5.3 (Released in 2014-03-27.)

    Note: "Bundle version 3.5.3 is currently for Mac OS X Leopard (10.5) only."

  4. Hi Dan, is there an idiot's guide to setting up Tor? I downloaded the 3.5.3 link (as suggested above) but for whatever reason ended up with 3.6.4 (I run Ffox 3.6.20 on a G5). Not sure what to do next. Also, it did occur to me that anyone wanting to subvert Tor merely had to set up a cloned site along with the downloads.... paranoia? Many thanks for your useful resource.N

    Replies
    1. You just launch the app and it automatically connects to the network. However, there's been a lot of news the last few weeks about Tor maybe not being as secure as people thought. It's all a bit hazy now, but it's best to be cautious until the Tor people come out with more definitive statements. Right now they're basically saying, "We're looking into it."
