speeding up tor

4 November 2007 at 12:01 am (Firefox, Tor) (, , , , , )

The Noreply Wiki has a very useful guide on how to make Tor faster. I’m working with revision 37, currently the most recent revision of the guide.

I started with Procedure 1, and altered about:config like so:

network.http.keep-alive.timeout:600 (300ms default is OK usually, but 600 is better.)
network.http.max-persistent-connections-per-proxy:16 (Default is 4)
network.http.pipelining:true (Default- false. Some old HTTP/1.0 servers can't handle it.)
network.http.pipelining.maxrequests:8 (No default)
network.http.proxy.keep-alive:true (Default- true, but double check)
network.http.proxy.pipelining:true (Default- false)

I’m going to skip all the suggestions about Fasterfox, because I don’t trust it to behave properly and not leak around the proxy, and I need to work with a lot of dynamic content anyway, which Fasterfox obviously can’t prefetch. I’m on Linux so I’m going to skip everything else in Procedure 2.

Procedure 3 is where this gets interesting, and where we actually start to make Tor faster, as opposed to making torified applications faster. The suggestions here really make a lot of difference in speed. I haven’t done any technical measurements, but I can see the difference very clearly when I’m browsing. However, though I haven’t tested, I suspect that I may potentially be sacrificing some anonymity for the increased speed. The authors of the guide note this is a possibility.

So I’m going to make two torrc configuration files, and I’ll use one when I need the best security I can get, and the other when I want speed and can afford to potentially be vulnerable to profiling attacks. For example, when I’m only concerned about the destination website knowing my IP, I can opt for speed. When I’m concerned about Big Brother, I can opt for security. This is simple to accomplish. I’m going to use Vidalia to switch between the two when I need to.

Vidalia’s torrc is at $HOME/.vidalia/torrc and I made a copy of it, in the same directory, called torrc-speed. The old torrc is going to remain unaltered; its defaults are secure. In the new torrc-speed, I added these lines:

# Try for at most NUM seconds when building circuits. If the circuit isn't
# open in that time, give up on it. (Default: 1 minute.)
CircuitBuildTimeout 5
# Send a padding cell every N seconds to keep firewalls from closing our
# connections while Tor is not in use.
KeepalivePeriod 60
# Force Tor to consider whether to build a new circuit every NUM seconds.
NewCircuitPeriod 15
# How many entry guards should we keep at a time?
NumEntryGuards 8

CircuitBuildTimeout, KeepalivePeriod, and NewCircuitPeriod are part of Procedure 3. I also added NumEntryGuards and increased it to 8 (the default is 3) because I want to give my speedy Tor the chance to pick faster entry guards if the low CircuitBuildTimeout means that some entry guards cannot be used. I don’t know whether this is actually necessary, nor whether it potentially decreases anonymity, but I don’t much care in this configuration. Save the file.

Then I went to Vidalia’s “Settings” screen and unchecked “Start Tor when Vidalia starts”. Then I went to the Advanced tab and pointed Vidalia at the new torrc-speed file. Then started Tor and tested it out. Yes, noticeably faster.

So now when Vidalia starts, it doesn’t start Tor yet, giving me the chance to go to the Settings > Advanced tab and change configuration files, to either the security or the speed configuration, before actually starting Tor.

Permalink 26 Comments

vidalia on linux

1 November 2007 at 7:05 am (Fedora, Tor) ()

Fedora 7:

Previously I had Tor running as a service, without Vidalia. That setup worked fine, but I also wanted a Tor controller, in order to easily change exit nodes. Since my Fedora 7 has GNOME already and not KDE, there’s no obvious solution. I could find a way to use TorK, or find a way to use Vidalia. I’m already accustomed to Vidalia, so that’s my choice.

Vidalia isn’t in the Fedora repositories, though, and it isn’t in freshrpms, an alternative Fedora repository. I didn’t want to dig anywhere else. I downloaded the Vidalia rpm directly from the Vidalia project page, and used their instructions. It says Vidalia requires nas, qt4, and qt4-x11. Why it needs nas I cannot guess, but that was already installed on my system. I used yumex to install qt4 and qt4-x11. Then I tried “rpm -Uvh vidalia-0.0.8-3.i386.rpm” but it didn’t work. I’m still a Fedora noob. I guess I have to install as root. That worked.

I wanted Vidalia to control the already-running Tor process that starts as a server, but I could not get that to work. When I thought I had it set up correctly with HashedControlPassword, Vidalia would just start up and kill the Tor process, and then complain “Vidalia was unable to register for Tor events. Control socket is not connected.” I don’t know. I gave up with this route and decided to just let Vidalia start its own Tor process. This meant I had to run “chkconfig tor off” to disable the service from starting.

Now I just start Vidalia when I want to run Tor. Privoxy is still a service.

Remember that Vidalia makes its own torrc file for the Tor instances it starts, so if you had settings you wanted to save, you have to copy them over. Look in $HOME/.vidalia for the file.

Permalink 2 Comments