How to use Tor with Trisquel

16 replies [Last post]
forest
Offline
Joined: 10/19/2012

Just installed Trisquel for the first time and I am learning my way around.

I think that I have Tor installed, because the command:

sudo apt-get install tor

gives me this:

Reading package lists... Done
Building dependency tree
Reading state information... Done
tor is already the newest version.
The following packages were automatically installed and are no longer required:
libutouch-grail1 gir1.2-timezonemap-1.0 gir1.2-gstreamer-0.10 archdetect-deb
python-pyicu python-argparse libdebian-installer4 rdate python-xklavier
libutouch-evemu1 libutouch-frame1 apt-clone libtimezonemap1 dpkg-repack
libutouch-geis1 libdebconfclient0
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

I have the green onion icon in the bottom right and I can open the Vidalia Control Panel, which tells me I am connected to the Tor network. But surfing the web is nothing like when I used Tor in Ubuntu. How do I now surf with Abrowser in a way that guarantees me the Tor protection?
Thanks!

niyasc
Offline
Joined: 07/12/2011

I don't know to do it with vidalia installed on trisquel.But if you download tor bundle from here http://torproject.org.in/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.2.37-1-dev-en-US.tar.gz , extract it.

Then open directory named tor-browser.
right click on that directory and select open with terminal
Then type
./start* (it is for executing shell script named start-tor-browser)

Then it will open vidalia, when vidalia completes it's loading it will automatically open firefox with tor enabled.

forest
Offline
Joined: 10/19/2012

Wow, this worked like magic, thank you very much! I wish the Tor site had this instruction in their directions for GNU/Linux installations so I wouldn't have to bother you.
Thanks again!

stefano
Offline
Joined: 10/14/2011

On Fri, Nov 2, 2012 at 6:01 PM, <name at domain> wrote:
> Wow, this worked like magic, thank you very much! I wish the Tor site had
> this instruction in their directions for GNU/Linux installations so I
> wouldn't have to bother you.
> Thanks again!

Tor is a very sensitive package and AFAIK it's not updated very often
in the package repositories of any GNU/Linux distribution.

The tor browser bundle works very well provided that you want to use
tor only for web browsing. If you want to route other programs through
tor (e.g. wget, curl, pidgin) you may need to hack a bit.

The tor browser bundle is updated fairly frequently and it will tell
you whenever a new update is available. However, they don't ship with
the latest version of their rebranded Firefox so you may still be
vulnerable to Firefox bugs (same thing for Trisquel's abrowser).

Also, I'd advise you to purge the previous installation of tor with

sudo apt-get purge tor

One last thing, it seems that you have some unused packages (see the
output of your apt-get). You can run apt-get autoremove to get rid of
them.

Best,

--
Stefano

forest
Offline
Joined: 10/19/2012

Thank you Stefano! I run both commands. For the 2nd however, I got this:

apt-get autoremove
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

How do I tell it I am root? I created the account when I installed Trisquel, so I have the right password, but the computer still doesn't believe that I am its boss!

On the subject of updates for Trisquel and all other software - how do I start the update manager? I have done it in Ubuntu and knnow how to find it there, but I am not seeing this option in Trisquel.

Thanks1!!

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

The error message means another application is "locking" some directories used by the package manager. Maybe, Synaptic is running. Or the update manager. Or apt-get/aptitude in another terminal. Just close this other applications and execute this command again:
$ sudo apt-get autoremove

stefano
Offline
Joined: 10/14/2011

On Fri, 2 Nov 2012 19:31:35 +0100 (CET)
name at domain wrote:

> Thank you Stefano! I run both commands. For the 2nd however, I got this:
>
> apt-get autoremove
> E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
> E: Unable to lock the administration directory (/var/lib/dpkg/), are you
> root?

Hi,

you should run the command with 'sudo' that allows you to execute the
command as another user, in this case, root. Sorry, I was not clear in my
previous email).

So, the correct command would be

sudo apt-get autoremove

as magicbanana already said.

Best,

--
Stefano

Fortune of the day: "Alimony and bribes will engage a large share of your
wealth."

Bazzy

I am a member!

Offline
Joined: 10/01/2011

Once Tor is running (green icon from Vidalia) you need to set the browser to use Tor as proxy.

Here is the configuration with default Abrowser, Tor and Vidalia

Abrowser:

Edit > Preferences > Advanced > Network > Settings...

SOCKS Host: 127.0.0.1 Port: 9050

(SOCKS v5)

Lemuriano

I am a member!

Offline
Joined: 04/20/2012

Thanks,

Now I can use tor with my own browser.

Fernando_Negro
Offline
Joined: 06/17/2012

I wouldn't trust this "Tor network" as an effective tool to protect one's privacy.

Tor has been developed by the US government. And is still supported by it, to this day.

"Originally sponsored by the US Naval Research Laboratory,[8] Tor was financially supported by the Electronic Frontier Foundation from 2004 to 2005.[10] Tor software is now developed by the Tor Project, which has been a 501(c)(3) research/education nonprofit organization[11] based in the United States of America[1] since December 2006 and receives a diverse base of financial support;[10] the U.S. State Department, the Broadcasting Board of Governors, and the National Science Foundation are major contributors.[12]" --- Wikipedia

This is the same entity that has an interest in spying - and is known to spy - on people.

If I were the US government, knowing that people would want to create and use this kind of networks to protect their privacy, I would develop one, in advance, that would be easily hacked - and, therefore, not effective - publicize it a lot and convince those same people to use it.

And, not surprisingly...

http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#Weaknesses

Chris

I am a member!

Offline
Joined: 04/23/2011

This was never a secret. If the NSA wants to hide something in software to gain access to peoples machines they wouldn't put it here. It just doesn't make sense. It is some of the most scrutinized code around. There are dozens of educational institutions, security experts, crypto people, and others who keep an eye on it. The development model allows for it. The code is not developed in secret and later released under a free license. It is a completely open process that all can participate in.

If your concerned then you better not use Truecrypt, LibreOffice, or X. I'd imagine the majority of code on your system started out its development in secret. There were no third parties scrutinizing every little update.

The weaknesses in Tor are known too. It's a low latency network. Compromises had to be made in order to achieve that. This is also no secret and there is even a big fat warning that the software should not be relied upon. There is a stable release though so you have to take it with a grain of salt.

Besides the Electronic Frontier foundations having had supported it for years the developers are also extremely well know and careful with releases. They know people are using it despite the warnings. The one developer I believe even got hassled by the TSA as he was involved with or communicated with wikileaks. This project has lots of good karma in the free software community. While I have not analyzed the code I can say that there are no leaks for which I have found when properly setup.

It is not recommended to use Tor in and of itself. Using the Torbrowser is a better bet. Using Torbrowser instead of Tor increases the possible set of users. It also ensures that you don't become a victim of potential vulnerabilities. For instance Adobe Flash is not included and Javascript is disabled (I believe, or at least some scripting is). There are lots of other changes made.

Fernando_Negro
Offline
Joined: 06/17/2012

I didn't say anything about hidden code in the Tor network. I know it's an open source project. What I said is that it's a network know not to be safe - as it is explained in the last link I left. Unlike a lot of people working for the US government, I'm not a computer security expert. So, even if I try, I can never totally comprehend how secure this network is or is not.

(How do I even know if all the servers used in this network truly do what they claim to be doing and if some of them are not just faking it, for example? Also, as far as I know, the known flaws that have been, so far, discovered in this network are just that - what is publicly know. And if that is what a few groups, with a very limited funding, are capable of discovering, I wonder what the US government - who invented the Internet itself, and a whole lot of things, with its trillions of dollars, supercomputers and armies of hackers at its disposal - is capable of.)

You can all trust who you want... I'm just giving my opinion. And, being more specific, I just personally don't trust a government who invades and bombs foreign countries, tortures people, has concentration camps, kills its own citizens with no legal process whatsoever, is, and continues to be, responsible for the deaths of millions of people worldwide and that is turning its society into a truly police state...

The US government doesn't want to protect people's privacy. Quite the opposite. And it doesn't make any sense that it would help to develop a truly secure network, as this one claims to be. Why would the US government help people to protect themselves against itself? I doesn't add up. (And if that's not the objective, then what is it, here?)

Concerning the EFF...

It's one of many fake foundations that are actually working for the powers-that-be. And it is, obviously, no accident that it collaborates with the US government in the development of this network. It's financed by the same economic interests who control the US government. And I can easily get their own reports who prove it. But one would have to know "who's who" of the political and economical elite in order to know what I'm talking about.

I know who's the person you're talking about, when you mention an episode with the TSA. It's one of the hackers who participated in this debate. The TSA episode doesn't prove anything. Intelligence operations are all about deception. And the episode you talk about could just be theatre, in order to convince people he's something he's not.

stefano
Offline
Joined: 10/14/2011

On Sat, 3 Nov 2012 12:12:38 +0100 (CET)
Fernando wrote:

> What I said is that it's a network know not to be safe - as it is explained
> in the last link I left. Unlike a lot of people working for the US
> government, I'm not a computer security expert. So, even if I try, I can
> never totally comprehend how secure this network is or is not.

Please,

can we leave this thread as a purely technical one, that - by the way - has been
solved?

Feel free to start a new thread if you are concerned about the use of the Tor
network. Also, I think this has been already discussed in the forums.

Thank you,

--
Stefano

Fortune of the day: "Cheer Up! Things are getting worse at a slower rate."

Fernando_Negro
Offline
Joined: 06/17/2012

OK.

I understand, and also agree, that this should be discussed elsewhere, instead.

But, could you please not publish my e-mail here in the comments? (And also delete that part of your post?)

In the edit options, it says that "the e-mail address is not made public".

stefano
Offline
Joined: 10/14/2011

On Sat, 3 Nov 2012 13:35:38 +0100 (CET)
You wrote:

> But, could you please not publish my e-mail here in the comments? (And
> delete also that part of your post?)
>
> In the edit options, it says that the "e-mail address is not made public".

Sorry,

I reply to the forum posts via the mailing list. There used to be an automatic
mechanism that masked the email addresses on the web forum, but it seems it did
not work in this case.

I've manually edited this reply, but I'll try and find an automated solution.

Best,

--
Stefano

Fortune of the day: "There is a 20% chance of tomorrow."

Fernando_Negro
Offline
Joined: 06/17/2012

And, by the way...

Trying to hide from your governments is not the way to go.

Fighting for a society were there is not such government intrusion is.

The more you just try to hide from them and don't fight them, the more space of manoeuvre our governments have and the more at will they are to violate your privacy.

What everyone needs to do is to openly and very loudly say that this type of surveillance is inadmissible and put an end to it.

"To poke Big Brother in the eye", as Richard Stallman says.

forest
Offline
Joined: 10/19/2012

Stefano, yes, the Tor installation problem has been solved.
Thanks to everyone for your technical help and for your thought!