speeding up tor

4 November 2007 at 12:01 am (Firefox, Tor) (, , , , , )

The Noreply Wiki has a very useful guide on how to make Tor faster. I’m working with revision 37, currently the most recent revision of the guide.

I started with Procedure 1, and altered about:config like so:

network.http.keep-alive.timeout:600 (300ms default is OK usually, but 600 is better.)
network.http.max-persistent-connections-per-proxy:16 (Default is 4)
network.http.pipelining:true (Default- false. Some old HTTP/1.0 servers can't handle it.)
network.http.pipelining.maxrequests:8 (No default)
network.http.proxy.keep-alive:true (Default- true, but double check)
network.http.proxy.pipelining:true (Default- false)

I’m going to skip all the suggestions about Fasterfox, because I don’t trust it to behave properly and not leak around the proxy, and I need to work with a lot of dynamic content anyway, which Fasterfox obviously can’t prefetch. I’m on Linux so I’m going to skip everything else in Procedure 2.

Procedure 3 is where this gets interesting, and where we actually start to make Tor faster, as opposed to making torified applications faster. The suggestions here really make a lot of difference in speed. I haven’t done any technical measurements, but I can see the difference very clearly when I’m browsing. However, though I haven’t tested, I suspect that I may potentially be sacrificing some anonymity for the increased speed. The authors of the guide note this is a possibility.

So I’m going to make two torrc configuration files, and I’ll use one when I need the best security I can get, and the other when I want speed and can afford to potentially be vulnerable to profiling attacks. For example, when I’m only concerned about the destination website knowing my IP, I can opt for speed. When I’m concerned about Big Brother, I can opt for security. This is simple to accomplish. I’m going to use Vidalia to switch between the two when I need to.

Vidalia’s torrc is at $HOME/.vidalia/torrc and I made a copy of it, in the same directory, called torrc-speed. The old torrc is going to remain unaltered; its defaults are secure. In the new torrc-speed, I added these lines:

# Try for at most NUM seconds when building circuits. If the circuit isn't
# open in that time, give up on it. (Default: 1 minute.)
CircuitBuildTimeout 5
# Send a padding cell every N seconds to keep firewalls from closing our
# connections while Tor is not in use.
KeepalivePeriod 60
# Force Tor to consider whether to build a new circuit every NUM seconds.
NewCircuitPeriod 15
# How many entry guards should we keep at a time?
NumEntryGuards 8

CircuitBuildTimeout, KeepalivePeriod, and NewCircuitPeriod are part of Procedure 3. I also added NumEntryGuards and increased it to 8 (the default is 3) because I want to give my speedy Tor the chance to pick faster entry guards if the low CircuitBuildTimeout means that some entry guards cannot be used. I don’t know whether this is actually necessary, nor whether it potentially decreases anonymity, but I don’t much care in this configuration. Save the file.

Then I went to Vidalia’s “Settings” screen and unchecked “Start Tor when Vidalia starts”. Then I went to the Advanced tab and pointed Vidalia at the new torrc-speed file. Then started Tor and tested it out. Yes, noticeably faster.

So now when Vidalia starts, it doesn’t start Tor yet, giving me the chance to go to the Settings > Advanced tab and change configuration files, to either the security or the speed configuration, before actually starting Tor.


Permalink 26 Comments

separate Firefox profiles, running simultaneously, for Tor and non-Tor traffic.

5 October 2007 at 9:37 pm (Fedora, Firefox, Tor) (, , , , , )

Last post dealt with installing tor and privoxy. Time now to get Firefox ready to use anonymously. Much of this post will be Firefox-specific, so can be extended to any operating system. The small part that is Fedora-specific will probably extend to any Linuxes. For other operating systems, see the Note at the bottom.

I want to make Firefox run as two separate processes, with two separate profiles, at the same time; one will be anonymous and one normal. The anonymous Firefox will route through Tor, and run no Javascript, no Java, no extensions (such as StumbleUpon), and no plug-ins (such as Flash or Gnash), because these can leak identifying data around the Tor proxy.

To begin, Firefox has a command line option, “-no-remote”, that allows operation of two or more separate Firefox processes at once. The normal process won’t need this option, but the anonymous process will. It wasn’t obvious to me why this is called “-no-remote” but it seems to relate to turning off this Mozilla “remote” option and whatever relates to it.

Anyway, if you go to the command line and type “firefox -no-remote -profilemanager” you’ll get a separate firefox process that starts with the Profile Manager. Create a new profile. We’re going to assume you called it “torprofile”. Now close this new Firefox process, and at the command line type “firefox -no-remote -P torprofile” which will start up the profile you just created, bypassing the Profile Manager.

This profile is fairly clean. It has no extensions installed. It will have Javascript and Java enabled by default; you’ll have to turn these off under Edit > Preferences > Content. Also in Preferences > Security, I disabled “tell me if the site I’m visiting is a suspected forgery”, and “remember passwords for sites”. Also under Preferences > Advanced > Update I chose “ask me what to do”, because I don’t want updates to occur over Tor; I’d rather see that there is an update, disable the anonymous proxy, and then update over my normal connection. Disabling Javascript and Java are pretty much essential; the other choices mentioned here may be optional for you.

Don’t forget to change Firefox’s network proxy to port 8118, to go through Privoxy and Tor.

A problem remains, though. Plugins on your computer, like Flash, are still enabled, and these can leak. Go to about:plugins and you’ll see what’s installed. Firefox looks for plugins and loads them automatically. We want these plugins to be available to the normal Firefox process and invisible to the anonymous Firefox process.

In Fedora, the easiest way I’ve found to do this is to make a copy of /usr/bin/firefox and alter it slightly. This is not a binary file, it’s actually a wrapper script to “setup all the environment voodoo needed to make mozilla work”, and at the end of the script it actually initializes the binary, which in this case, is /usr/lib/firefox-

So, first, make a copy of the wrapper script, by typing “cp /usr/bin/firefox /usr/bin/firefox-no-plugins” and then open /usr/bin/firefox-no-plugins with a text editor. Somewhere in there is a section that sets the variable $MOZ_PLUGIN_PATH and on mine it looks like this:

## Make sure that we set the plugin path

I want this variable to be empty, so I’m going to change the section like this:

## Make sure that we set the plugin path

Excellent. Now if you go to the command line and execute “firefox-no-plugins -no-remote -P torprofile” you’ll get the new clean profile, and without any plugins. Check about:plugins in Firefox’s URL bar and it should say “No plug-ins are installed”. By the way, I’m pretty sure if you want specific plugins to be used in the anonymous Firefox, you can hardcode them into MOZ_PLUGIN_PATH instead of leaving it empty, though I haven’t tried this yet.

Now you need to make separate desktop links for the two Firefox profiles. Make a desktop link that executes “firefox-no-plugins -no-remote -P torprofile” for the Torified Firefox. You also need to change the desktop links for the normal Firefox, to “firefox -P default”. This will cause those links to start up your normal profile with your normal plugins. If you don’t do this, unaltered Firefox links will start up the last profile that was used: sometimes the anonymous profile, sometimes the normal one. Protect yourself first against this undefined behavior. Change your links.

Keep in mind also that every time you update Firefox, you will need to make a new copy of the wrapper script and empty the plugin path. This is because every new Firefox version has a different wrapper script (verified on Fedora and expected on other Linuxes); sometimes they are different only in referencing the new version number, but they are different, and your Torified desktop link will break and simply stop working after you update Firefox, until you make a new wrapper script.

This is a good baseline for anonymous browsing and we could stop here if we wanted to. I’m going to do one last thing, though. The 1.1.x development branch of Torbutton has some nice features that I’d like to take advantage of, especially “Set user agent during Tor usage”, “Block History Reads during Tor”, and “Restore saved session via Tor after Firefox crash”. Check out the Torbutton development branch page to see what these do.

Currently the development branch doesn’t have SSL access, but you can download the XPI file, retrieve the MD5 hash over Tor and over non-Tor, compare the two, md5sum the file, and this should be reliable enough. Drag the XPI file into the open Torified Firefox window and it will install. I’m pretty sure this method means that Tools > Add-ons > Find Updates will look for updates on local computer’s download directory, so you’ll have to check for and install updates manually.

Extension preferences are at Tools > Add-ons > Torbutton > Preferences. I recommend disabling “Display Tor proxy setting in the status bar” so that you can’t accidentally turn off Tor with a stray click. This is the only extension I’m going to install in the anonymous profile, since Torbutton is made especially for leak-proof usage with Tor and Firefox.

Everything should be working smoothly now…

(Note: for non-Linux operating systems, the methods for “concealing” the plugins from Firefox may be very different from the above. I recommend just installing the 1.1.x branch of Torbutton and using that, because it has an option to disable all plugins in Firefox as long as it’s on. This should be reliable and simpler than messing around with wrapper scripts. As long as the Torified profile is always running through the proxy, Torbutton will keep the plugins turned off. This makes it even more important to disable “Display Tor proxy setting in the status bar” so as to prevent any accidental leaks. You’ll still need separate profiles and a separate link with -no-remote.)

Permalink 7 Comments