Online privacy and net-neutrality are terms that are being thrown about quite a lot nowadays. The security of systems on the Internet and especially the data on them as well as data passed to and from them has never been more important.
Malicious third parties including state sponsored hackers now have more knowledge and resources than ever, so it’s only natural that more and more people are taking steps to secure their online activity and protect their data. Encrypting your traffic and communications is a very good way of doing this, and Tor does this nicely.
What is Tor?
Tor is short for The Onion Router. It is an anonymity network, initially developed by the U.S. Navy, that enables users to pass traffic across the internet anonymously. Now, it’s a non-profit organization whose main purpose is the research and development of online privacy tools.
The Tor network disguises your identity by moving your traffic across different Tor servers, and encrypting that traffic so it can’t be traced back to you. Anyone who tries would see traffic coming from random nodes on the Tor network, rather than your computer.
Your traffic passes through several layers before leaving the Tor network via an exit-node. The end destination that you route to, say for example your Webmail website, will only be able to see that you have visited their site from the IP address used by that Tor exit-node. They can’t tell what servers you’ve routed through and they can’t tell where you’ve come from.
It is important to keep in mind that while your traffic is encrypted from your computer to the exit-node where it leaves the Tor network, it is not encrypted between the exit-node and the final destination. So to be doubly sure that your traffic is not intercepted on the way to the final destination, use protocols that utilise encryption, such as SSH or HTTPS.
How is Tor accessed?
Tor can be accessed through two methods – the Tor browser or the Tor daemon.
The most popular is the Tor browser, an open-source web browser based on Firefox that is pre-configured to route all web traffic through Tor. It also features add-ons such as NoScript, which restricts websites from executing scripts unless you specifically allow them to.
There’s no port of the Tor browser available for RISC OS, but the second method of accessing the network is very much accessible as long as you have a second non-RISC OS machine that you can configure as a Tor proxy that your RISC OS machine can route through.
The second option is the Tor daemon, which runs as a background process and opens up a local SOCKS5 proxy that can be used to push traffic onto the Tor network.
Providing you don’t have a firewall specific to the computer running the daemon blocking traffic to systems on your Local Area Network (LAN), any computers on the same local network (i.e. your home network) will also be able to use the computer running the daemon as a SOCKS5 proxy. This normally involves configuring a web browser to use that machine as a proxy or by using a utility like Proxychains (no RISC OS port unfortunately) that allows you to force specific applications through the Tor proxy.
Setting up a Tor proxy
Note: All the Unix/Linux commands below require admin privileges to work. Running these commands as root will work, or if your system has sudo installed and configured then use the sudo command before every command so that your privileges are elevated for that command.
Before you can access the Tor network on RISC OS you’ll need to configure a second non-RISC OS machine as the Tor proxy that you can configure Netsurf to push its traffic through.
1 – Pick a system to set up as a Tor proxy
You can set up a Tor proxy on Windows computers, but in most cases people use a Unix-based or Unix-like operating system. They’re ideal for running servers like this and are extremely stable even under high load. I installed my Tor proxy on a Raspberry Pi running FreeBSD but it’ll work just as well on Linux or another BSD variant, including MacOS.
2 – Prepare the target system
Before going anywhere, you must make sure that the system you’re going to configure as a Tor proxy has the correct date and time. If it doesn’t, then your Tor proxy will accept connections but it won’t route them anywhere. It’s also recommended you install NTP to keep the time correct automatically, otherwise it will go out of sync after a while. It’s worth keeping in mind too that if you’re installing NTP, the existing date and time of your machine pre-install must be within 30 minutes of UTC-time otherwise ntpd won’t start.
On FreeBSD I used the command ‘pkg install ntp’ to install NTP onto my system. On Debian/Ubuntu based Linux systems you can use the ‘apt-get install ntp’ command. In my case I then added the line ntpd_enable="YES" to the /etc/rc.conf config file so that NTP runs on boot. Some Unix/Linux systems will configure this automatically.
Finally, before installing Tor, configure the system to act as a Gateway. This will allow your system to receive packets and route them on. On FreeBSD I configured this by adding gateway_enable="YES" to the /etc/rc.conf file. Most Linux systems will allow you to do this by editing the /proc/sys/net/ipv4/ip_forward file to change the default value of 0 (Gateway disabled) to 1 (Enabled).
3 – Install and configure Tor
Now that the system is set up to run as a Tor proxy, you can install the Tor application. On FreeBSD the ‘pkg install tor’ command will take care of this. Debian/Ubuntu based Linux systems should accept ‘apt-get install tor’ in most cases.
Using a text editor such as nano we’ll then configure Tor to act as a proxy. This can be done by editing the /usr/local/etc/tor/torrc file on FreeBSD, or for Linux systems /etc/tor/torrc.
To enable your Tor SOCKS5 proxy to run on the default port of 9050, remove the hash (#) from the start of the lines below so that they take effect, then save the text file. Make sure to change the IP address on the second line to your own local IP address (usually something like 192.168.0.x).
SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.
SOCKSPort 188.8.131.52:9050 # Bind to this address:port too.
Once you’ve done that you’ll need to configure your system to run Tor on boot. Most Linux systems will do this by default when you install Tor. On FreeBSD I just added tor_enable="YES" to the /etc/rc.conf config file.
Now that’s done you can start the Tor service by using the ‘service tor start’ command. You can check whether your system is listening on the Tor proxy ports you’ve configured in the torrc file by running the ‘netstat -a | grep LISTEN’ command. Output like the lines below shows that it’s actively listening for connections on that port.
tcp4 0 0 184.108.40.206.9050 *.* LISTEN
tcp4 0 0 127.0.0.1.9050 *.* LISTEN
The above output shows that the system is listening on port 9050 on the local LAN IP for my system (the first line), which means it’s accessible by machines other than just itself. The 127.0.0.1 line means it’s also listening for port 9050 (Tor SOCKS5) connections on the device itself.
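The netstat check only shows that something is listening on the port. The script below is an added example, not part of the original article: it sends the SOCKS5 greeting defined in RFC 1928 and reports which authentication method the listener selects. The default target of 127.0.0.1 and the function names are assumptions of this example.

```python
import socket
import sys

# Method codes defined by RFC 1928 (SOCKS5).
METHODS = {0x00: "no authentication required",
           0x02: "username/password",
           0xFF: "no acceptable method"}

# Greeting: version 5, one method offered, 0x00 (no authentication).
GREETING = bytes([0x05, 0x01, 0x00])

def interpret_reply(reply):
    """Decode the proxy's 2-byte method-selection reply."""
    if len(reply) != 2 or reply[0] != 0x05:
        return "not a SOCKS5 service"
    return METHODS.get(reply[1], "unknown method 0x%02x" % reply[1])

def probe_socks5(host, port=9050, timeout=5.0):
    """Connect, send the greeting and report how the listener answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(GREETING)
            reply = b""
            while len(reply) < 2:
                chunk = conn.recv(2 - len(reply))
                if not chunk:  # peer closed before answering
                    break
                reply += chunk
    except OSError as exc:
        return "no listener reachable (%s)" % exc
    return interpret_reply(reply)

if __name__ == "__main__":
    # Usage: python3 probe.py <proxy-address>; 127.0.0.1 is an assumed default.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print("%s:9050 -> %s" % (target, probe_socks5(target)))
```

Run it once on the proxy machine itself and once from another machine on the LAN with the proxy's address as the argument; "no authentication required" means any client that can reach the port can use the proxy.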
4 – Configure a HTTP proxy
By default, Tor sets itself up as a SOCKS5 proxy. Most non-RISC OS web browsers will allow you to route web traffic through a SOCKS5 proxy but with NetSurf we’ll need to configure our Tor proxy to also serve as a HTTP proxy as it only has a HTTP proxy option.
We can use a piece of web proxy software called Polipo to do this. To install it on most Linux systems, use the ‘apt-get install polipo’ command, or on FreeBSD – ‘pkg install polipo’.
Once that’s done, we then just need to configure it to chain to Tor’s SOCKS proxy. We can do this by modifying Polipo’s config file – FreeBSD: /usr/local/etc/polipo/config or Debian/Ubuntu Linux: /etc/polipo/config.
Amend it so that it shows the below configuration. This will allow your system to act as a Tor HTTP proxy over the default Polipo port 8123.
allowedClients = 127.0.0.1, 192.168.1.0/24
socksParentProxy = "localhost:9050"
socksProxyType = socks5
proxyAddress = "0.0.0.0"
Once done, save the file. We then need to configure the system to run Polipo on boot. Most Linux systems will do this by default when you install Polipo. On FreeBSD I just added polipo_enable="YES" to the /etc/rc.conf config file. After that’s done, restart Polipo and Tor using the ‘service tor restart’ and ‘service polipo restart’ commands, or just reboot your machine.
Your system should now be accepting SOCKS5 connections over port 9050 & HTTP connections over port 8123.
The above configuration does NOT use any authentication, so do not expose ports 9050 and 8123 to the Internet (i.e. past your firewall). This configuration is designed to be used on a local network only. It is possible to set up Tor to require authentication before the proxy can be used, and this will need to be set up if you want to access this proxy from outside of your local network.
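As an added example (not part of the original article), the script below audits a torrc and a Polipo config for the exposure described above: a SOCKSPort bound outside the local network, or a non-loopback proxyAddress whose allowedClients list is missing or admits non-local ranges. The LAN ranges, the sample address 192.168.1.10 and the "exposed" samples are constructed for illustration.

```python
import ipaddress

# Loopback and private ranges treated as "local network" (policy of this example).
LAN = [ipaddress.ip_network(n) for n in
       ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7")]

def lan_only(text):
    """True if an address or CIDR block lies entirely inside the LAN ranges."""
    net = ipaddress.ip_network(text.strip("[] "), strict=False)
    return any(net.version == r.version and net.subnet_of(r) for r in LAN)

def audit_torrc(text):
    """Flag active SOCKSPort lines bound to an address outside the LAN ranges."""
    findings = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenise
        if len(words) < 2 or words[0].lower() != "socksport":
            continue
        addr = words[1].rpartition(":")[0] or "127.0.0.1"  # bare port binds localhost
        try:
            if not lan_only(addr):
                findings.append("torrc: SOCKSPort listens on " + addr)
        except ValueError:
            pass  # unix: sockets and other non-IP forms are out of scope here
    return findings

def audit_polipo(text):
    """Flag a non-loopback proxyAddress without a LAN-only allowedClients list."""
    cfg = {}
    for raw in text.splitlines():
        key, sep, val = raw.split("#", 1)[0].partition("=")
        if sep:
            cfg[key.strip()] = val.strip().strip('"')
    bind = cfg.get("proxyAddress", "127.0.0.1")
    clients = [c.strip() for c in cfg.get("allowedClients", "").split(",") if c.strip()]
    findings = ["polipo: allowedClients admits " + c for c in clients if not lan_only(c)]
    if not ipaddress.ip_address(bind.strip("[]")).is_loopback and not clients:
        findings.append("polipo: proxyAddress " + bind + " set without allowedClients")
    return findings

# Constructed samples: the guide's layout with an example LAN address, then an exposed variant.
GUIDE_TORRC = "SOCKSPort 9050\nSOCKSPort 192.168.1.10:9050 # Bind to this address:port too.\n"
GUIDE_POLIPO = ('allowedClients = 127.0.0.1, 192.168.1.0/24\nsocksParentProxy = "localhost:9050"\n'
                'socksProxyType = socks5\nproxyAddress = "0.0.0.0"\n')
EXPOSED_TORRC = "#SOCKSPort 9050\nSOCKSPort 0.0.0.0:9050\n"
EXPOSED_POLIPO = 'proxyAddress = "0.0.0.0"\nallowedClients = 127.0.0.1, 0.0.0.0/0\n'

if __name__ == "__main__":
    for name, t, p in (("guide", GUIDE_TORRC, GUIDE_POLIPO), ("exposed", EXPOSED_TORRC, EXPOSED_POLIPO)):
        print(name, audit_torrc(t) + audit_polipo(p))
```

To audit a real machine, pass the contents of the torrc and Polipo config files named earlier in this guide to `audit_torrc` and `audit_polipo`; an empty list means nothing was flagged under this example's policy.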
Configure NetSurf to use the HTTP proxy
Now that there’s a Tor proxy running on your local network, it’s time to boot up NetSurf on your RISC OS machine and point it to pass its traffic through the proxy and, in turn, the Tor network.
So once NetSurf is running, middle-click on its iconbar icon then select Choices then Connection.
Set the Proxy type as Simple proxy, then stick in the local IP address of your Tor proxy system in the Host field, followed by the port number of your HTTP proxy in the field to its right.
If you’ve followed this guide to the letter then the HTTP proxy will be running on port 8123. It is possible to set the proxy to run on the same port as the SOCKS5 proxy (9050) like in the image on this article.
Have a play around!
That’s it, NetSurf is now configured to push its traffic through the Tor proxy. You can test this out by checking your IP address with a website such as DuckDuckGo or ping.eu. This will show the IP address that other systems and websites you interact with through your Tor proxy will see you as. If you attempt to visit the IP address that DuckDuckGo or Ping.eu has shown to be the IP you’ve visited from, it should show you a ‘This is a Tor Exit Router’ page.
All your NetSurf traffic will now be pushed through various Tor proxies and anonymised. You can now also access dark web (.onion) sites.
For more information on Tor, have a read of the Tor project’s extensive Documentation section. If you’re really curious then take a look at dark web websites. These are websites that are hosted within the Tor network and can only be routed to from within the Tor network. These sites usually have .onion domain names.
Be wary though, while there’s an awful lot of good stuff on Tor and the dark web, there’s also a lot of bad stuff – so exercise caution when taking a look around.