help-guix

Re: tor


From: Denis 'GNUtoo' Carikli
Subject: Re: tor
Date: Thu, 1 Sep 2022 16:27:35 +0200

On Tue, 30 Aug 2022 18:32:26 +0000
Gottfried <gottfried@posteo.de> wrote:

> As far as I understand you I can delete the package:
> tor-client and tor-socks, because I have tor installed.
> Am I right?

tor is just a daemon that somehow connects your machine to the
tor-network but it doesn't automatically route any traffic through that
network.

And to start it you either need to run it manually or configure it in
your list of services in your system.scm with something that looks like
this:

  (service tor-service-type
           (tor-configuration))

The tor-client only contains some utilities that are not very
interesting.

As for torsocks, it's an application to enable other applications to
route their traffic through Tor, but in an extremely unreliable way.

The Tor project documentation has been advising people not to rely on
torsocks because some of the time it doesn't work at all and the
application doesn't use Tor at all, even with torsocks.

And in many cases, with torsocks, very important private information
(like DNS queries) does not go through the Tor network.

The alternative is to configure each application to talk to the tor
daemon through the socks5 protocol.

And even that is not perfect because if you do that with a browser, the
browser will still not be anonymous because of browser fingerprinting.
But at least your location will be hidden which is already something
good.

Tails works by preventing almost all applications from accessing the
Internet directly, and they are configured for using the Tor daemon.

So if there is any application misbehaving, it's not that problematic
because the only way the applications can send data is through Tor.

To have something like that in Guix we would need to package the ferm
firewall tool Tails used to implement this, and have users adapt the
Tails ferm configuration for their usage and/or enable users to use a
default configuration that is very restrictive (and so doesn't work for
everybody).

I've managed to relatively easily reproduce something like that on
Parabola (because ferm is packaged there), but not yet to have a fully
functional system with it because I haven't yet managed to run the
tor-browser as another user, which is required for that setup to
work.

The issue is that we obviously need to put more resources on things
like that (by funding the tor-project, having more people work on that,
etc), but resources are also not easy to find.

Denis.
