
Security

brainfucksec edited this page Feb 20, 2022 · 13 revisions

Please read this section carefully before starting archtorify

archtorify is produced independently from the Tor anonymity software and carries no guarantee from the Tor Project about quality, suitability or anything else. Please read these documents to learn how to use the Tor network safely:

Tor Project FAQ

Whonix Do Not recommendations

archtorify is a bash script to start a transparent proxy through Tor to be used for a safe navigation during communications, searches or other activities with Arch Linux, but does not guarantee 100% anonymity.

About Transparent Torification, please read Transparent Proxy Leaks (mostly Microsoft Windows related) and/or consider an Isolating Proxy as an alternative. See Whonix for a complete, ready-made VM based solution (alternatively using multiple physical computers) built around the Isolating Proxy and Transparent Proxy Anonymizing Middlebox design.

See: Transparent Proxy: Brief Notes

Hostname and MAC Address security risks

Applications can still learn your computer's hostname, MAC address, serial number, timezone, etc., and those with root privileges can disable the firewall entirely. In other words, transparent torification with iptables protects against accidental connections and DNS leaks by misconfigured software, but it is not sufficient to protect against malware or software with serious security vulnerabilities.

See: ArchWiki: Tor - Transparent Torification

Before running archtorify, you should change at least the hostname and the MAC address:

Setting the Hostname on Arch Linux

Changing MAC Address on Arch Linux

Transparent Proxy with archtorify and Tor Browser

Don't start Tor Browser while transparent browsing (archtorify) is active; this avoids Tor over Tor scenarios.

Check your Network settings

Arch Linux is a user-centric distribution; because of this, the configuration of the transparent proxy strongly depends on your network settings.

Before starting the program, make sure you have read the Arch Linux wiki pages about Tor and network configuration.

Checking for leaks

After starting archtorify you can use tcpdump to check whether there is any internet activity other than Tor:

First, get your network interface:

ip -o addr

or

tcpdump -D

We'll assume it's enp0s3.

Next you need to identify the Tor guard IP. You can use ss, netstat or GETINFO entry-guards through the Tor controller to find it.

Example with ss:

ss -ntp | grep "$(cat /var/run/tor/tor.pid)"

With the interface and guard IP at hand, we can now use tcpdump to check for possible non-Tor leaks. Replace IP.TO.TOR.GUARD with the IP you got from the ss output.

tcpdump -n -f -p -i enp0s3 not arp and not host IP.TO.TOR.GUARD

You are not supposed to see any output other than the first two header lines. You can remove the "and not host IP.TO.TOR.GUARD" part of the filter to see what the output would look like otherwise.
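The same check, automated, as an added example that is not part of archtorify: tor_guard_ips parses the output of "ss -ntp" and returns the remote IP of every established TCP connection owned by the Tor PID, and leak_filter turns that list into the tcpdump filter from above. It generalises the manual steps slightly by excluding all of Tor's current peers, not just one guard, since Tor can hold several connections at once. The ss output embedded below is constructed sample data; the PID file path /var/run/tor/tor.pid is the one used on this page, and the interface name is whatever you found with "ip -o addr".

```bash
#!/usr/bin/env bash
# Added example (not archtorify code): automate the tcpdump leak check.

# Constructed `ss -ntp` output for the demonstration. Tor runs as PID 1234;
# a browser (PID 2222) and an unrelated PID 12345 are present as distractors.
SAMPLE_SS_OUTPUT='State Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
ESTAB 0      0      192.0.2.15:41234    198.51.100.7:9001 users:(("tor",pid=1234,fd=8))
ESTAB 0      0      192.0.2.15:41250    203.0.113.44:443  users:(("firefox",pid=2222,fd=50))
ESTAB 0      0      192.0.2.15:41260    198.51.100.7:9001 users:(("tor",pid=1234,fd=9))
ESTAB 0      0      192.0.2.15:41270    192.0.2.80:443    users:(("tor",pid=12345,fd=3))'

# tor_guard_ips PID: read `ss -ntp` output on stdin, print the unique remote IPs
# of established TCP connections whose owning process has exactly that PID.
tor_guard_ips() {
    local pid="$1"
    awk -v pid="$pid" '
        $1 == "ESTAB" && index($0, "pid=" pid ",") {
            peer = $5                   # "Peer Address:Port" column
            sub(/:[0-9]+$/, "", peer)   # drop the port
            gsub(/\[|\]/, "", peer)     # drop IPv6 brackets, if present
            print peer
        }' | sort -u
}

# leak_filter IP...: build the tcpdump filter "not arp and not host X ..."
leak_filter() {
    local filter="not arp" ip
    for ip in "$@"; do
        filter="$filter and not host $ip"
    done
    printf '%s\n' "$filter"
}

# live_leak_check IFACE: the real thing. Run as root so `ss -p` can show Tor's
# process and tcpdump can capture. Anything printed after tcpdump's two header
# lines is traffic that did not go to a Tor peer.
live_leak_check() {
    local iface="$1" pid guards
    pid=$(cat /var/run/tor/tor.pid) || return 1
    guards=$(ss -ntp | tor_guard_ips "$pid")
    if [ -z "$guards" ]; then
        echo "no established Tor connections found for pid $pid" >&2
        return 1
    fi
    # shellcheck disable=SC2046,SC2086  # splitting the filter into arguments is intended
    tcpdump -n -f -p -i "$iface" $(leak_filter $guards)
}

# Demonstration on the constructed sample (Tor PID 1234).
printf '%s\n' "$SAMPLE_SS_OUTPUT" | tor_guard_ips 1234
# shellcheck disable=SC2046
leak_filter $(printf '%s\n' "$SAMPLE_SS_OUTPUT" | tor_guard_ips 1234)
```

On the sample, tor_guard_ips 1234 yields only 198.51.100.7: the duplicate connection is collapsed, the browser's peer is ignored, and the trailing comma in the "pid=1234," match keeps PID 12345 from being mistaken for PID 1234. For a live run, call live_leak_check with your interface name.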

See: Transparent Proxy: Checking for leaks