ROUTING ALL TRAFFIC THROUGH TOR: PROS AND CONS
Every reader of DeepDotWeb knows the importance of surfing the web protected by the Tor network and therefore uses the Tor Browser Bundle. The TBB not only lets us connect through the Tor network while surfing the internet, allowing us to visit onion sites and hiding our IP, but also ships with built-in security plugins that increase our anonymity (e.g. HTTPS Everywhere and NoScript). Why not consider extending these anonymizing features to every online action performed on our machine by routing all our traffic through the Tor network?
ROUTING ALL TRAFFIC THROUGH TOR: IS IT REALLY THAT GOOD?
What we would like to do is force all of our applications to connect through the Tor network so that our IP is not revealed when we use our mail client or download a movie over BitTorrent. But is it that simple? The truth is that the Tor developers strongly discourage doing this. An “all in one solution” that forces all traffic through Tor does not prevent applications from misbehaving by using unsafe settings or protocols, which results in IP leaks. A well-known example is explained clearly by the Tor Project developers in a document about BitTorrent. In simple words, what they teach us is that BitTorrent clients like uTorrent simply ignore the proxy settings when we tell them to connect over Tor. Tor supports TCP, while a torrent tracker runs over UDP, so it is impossible for uTorrent to use the proxy settings we specify in this way. The result is an IP leak.
So while using BitTorrent over Tor is a stupid idea, what about other applications? The answer is that every application behaves differently with different settings, so it is just stupid to expect that every application will do its best not to betray you. That said, many software products do support use over Tor, such as Mozilla Thunderbird, which can connect over Tor through the TorBirdy plugin. Read a lot and find the tools that best suit your need for anonymity.
If you still want to find a way to “torify” all your traffic, the Tor Project offers two different approaches:
- Transparently routing traffic through Tor
- Isolating Proxy
TRANSPARENTLY ROUTING ALL TRAFFIC THROUGH TOR
A proxy is called “transparent” when the clients are not aware of it; the server, however, knows that the requests come from a proxy. Normally, setting up a SOCKS server is not enough: you have to configure every application to connect through the proxy, and not all existing applications support connecting through SOCKS. Furthermore, if you are the network administrator, you may not want the users to know they are using such a proxy. These problems can be avoided by using a transparent proxy to redirect all the traffic. Tor has transparent proxy functionality that lets us use it this way, but there are many known issues with leaks of different kinds. The recommended solution is therefore an Isolating Proxy.
ISOLATING PROXY: HOW DOES IT WORK?
An isolating proxy solves the problem of transparent proxy leaks by implementing security by isolation. This solution requires two physical or virtual machines: one is called “the Gateway” and the other “the Workstation”. The Gateway has only two interfaces, one connected to the clearnet and the other connected to the Workstation through a LAN cable. Tor can run on the first interface as well as on the second one. The Workstation is completely isolated and only runs applications such as the Tor Browser Bundle or HexChat, which connect through the SOCKS port to the Gateway. This system protects you from malware that adds you to a botnet, from DNS leaks and from IP leaks.
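An added example, not part of the original article and not Tor or Whonix code: a small Python audit that reads a Workstation's socket table and reports every flow that is not TCP to the Gateway's SOCKS port, which is the kind of flow (UDP tracker traffic, direct DNS) that leaks when an application ignores its proxy settings. The Gateway address 10.0.0.1, the SOCKS ports 9050 and 9150, the strict "SOCKS only" policy and the sample `ss -tun` lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions, not from the article: Gateway address and its SOCKS ports.
GATEWAY = ipaddress.ip_address("10.0.0.1")
SOCKS_PORTS = {9050, 9150}

# Constructed sample in the column layout of `ss -tun`.
SAMPLE = """\
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 10.0.0.2:51234 10.0.0.1:9050
tcp ESTAB 0 0 10.0.0.2:51240 10.0.0.1:9150
udp ESTAB 0 0 10.0.0.2:40000 203.0.113.5:6881
udp ESTAB 0 0 10.0.0.2:53411 198.51.100.53:53
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
tcp ESTAB 0 0 10.0.0.2:44321 192.0.2.80:443
tcp ESTAB 0 0 127.0.0.1:39000 127.0.0.1:8118
tcp ESTAB 0 0 [2001:db8::2]:5000 [2001:db8::7]:443
"""

def parse_peer(field):
    """Split 'addr:port' or '[v6]:port'; None for wildcards and header text."""
    host, _, port = field.rpartition(":")
    try:
        return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)
    except ValueError:
        return None

def classify(line):
    """Return None if the flow is acceptable, else the reason it bypasses Tor."""
    fields = line.split()
    peer = parse_peer(fields[5]) if len(fields) >= 6 else None
    if peer is None or peer[0].is_loopback:
        return None  # unparsable, unconnected, or local-only socket
    addr, port = peer
    if fields[0] == "udp":
        return "DNS over UDP" if port == 53 else "UDP (Tor carries TCP only)"
    if addr == GATEWAY and port in SOCKS_PORTS:
        return None  # the only path the isolating-proxy design allows
    return "TCP not addressed to the Gateway SOCKS port"

def audit(text):
    """List (peer, reason) for every flow that does not go through the Gateway."""
    hits = []
    for line in text.splitlines():
        reason = classify(line)
        if reason:
            hits.append((line.split()[5], reason))
    return hits

if __name__ == "__main__":
    for peer, reason in audit(SAMPLE):
        print(f"{peer:28} {reason}")
```

On a correctly isolated Workstation the audit should return nothing; any hit points at an application that is trying to reach the network without going through the Gateway's SOCKS port.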
Whonix is the best existing implementation of the isolating proxy concept.
Whonix is a free Debian-based OS specifically designed to protect your privacy by forcing all connections through Tor or blocking them. Whonix runs inside multiple virtual machines, and all the applications you need are pre-installed and configured to connect over the Tor network. DNS leaks are impossible, as are IP leaks.
The SocksPort setup prevents identity correlation by connecting each application to a different Tor SocksPort, whereas normally you would use the same nodes for all the applications running simultaneously.
Whonix can be integrated with Qubes OS to let you work in a high-privacy environment, but it also works with Linux, Windows and OS X.
To conclude, let me say that there are tools out there that promise to help you route all your traffic through Tor. Built-in tools like these (often developed for Windows systems) ARE NOT RELIABLE; the only trustworthy existing system that allows you to do such a thing is Whonix inside Qubes.