From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 8OLwHfQQ22ItSAEAbAwnHQ (envelope-from ) for ; Fri, 22 Jul 2022 23:04:52 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id CLi4HfQQ22JkcgEAauVa8A (envelope-from ) for ; Fri, 22 Jul 2022 23:04:52 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 9D3DCD271 for ; Fri, 22 Jul 2022 23:04:51 +0200 (CEST) Received: from localhost ([::1]:32810 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oEzpK-0004g9-Qc for larch@yhetil.org; Fri, 22 Jul 2022 17:04:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34730) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oEzp4-0004fm-1m for help-guix@gnu.org; Fri, 22 Jul 2022 17:04:34 -0400 Received: from mx1.riseup.net ([198.252.153.129]:50414) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oEzp1-000838-7x for help-guix@gnu.org; Fri, 22 Jul 2022 17:04:33 -0400 Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.riseup.net", Issuer "R3" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4LqMPm61KFzDqpK; Fri, 22 Jul 2022 21:04:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1658523868; bh=NOesboiusR0MbOBy+TPZlqC+eBRyiQ3ZUg1cfSC0zVI=; h=References:From:To:Cc:Subject:Date:In-reply-to:From; b=IBBQjh1B8372+Ru187hZWBQXimXSHi7oDGW2slTFLAKjoLzkcOmfrMX6iSxD6hXHC g3YXRSG5Jx9Lm6BruHvWBFjVJc2xzaQgAyPXzagiOuVlxpEh/HKRlu5LC9EKoaIywd aBiaKQAb+MWK07WbIGIr4L0JVnWe4/iayoC+90v8= X-Riseup-User-ID: C5BDBE33D135B662A7B67BFF215DFB98AF1BE3D410E1E364467AEA795B75C08E Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews2.riseup.net (Postfix) with ESMTPSA id 4LqMPm1FZBz1yWm; Fri, 22 Jul 2022 21:04:27 +0000 (UTC) References: <3037daa5-ff14-5090-b740-8a06d671e759@posteo.de> <20220721223524.533171ed@sybil.lepiller.eu> From: Csepp To: Julien Lepiller Cc: Gottfried , help-guix@gnu.org Subject: Re: how can I use "tor" Date: Fri, 22 Jul 2022 22:59:25 +0200 In-reply-to: Message-ID: <87a690dfl4.fsf@riseup.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=198.252.153.129; envelope-from=raingloom@riseup.net; helo=mx1.riseup.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1658523891; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=5D6a2zZ6wcGEUloJPerK/ji4ZFfG9KVukBQdOabjAn4=; b=A176zz7sxU7pZ9aBvtIh2X+pNiIOwdKvlZ9MCNdq0nzvPqSCOHiviTJcuFCXicwGc2pjEN QhEpatXpO0Q1o3G6fkfAPKM19p+6A2C9gUWUQWU+a2+AMOff0T0KCT01JTDFdq8WCc2f1l C7SVdSxtyRp1KzcgFaoJKBl+D8UEjOWGUFFp3qXCD93/bABRS5jsvrthvZxWTHzzKC6vUw H7XB7wY/UJ2YwcturTmaKPadSlx2GmSCAvaTM1ZD18iKpKNjN+zdofiwwrigwai7dQKDGA CvTY82YrYEUF51YT9yLGwTjYuM/9/5VbHhjYAeMTmW4vpO6/qSKkS+qACQIFOw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1658523891; a=rsa-sha256; cv=none; b=HnNcpVuYs9AAuiNDXta8uRiKH8l8eDqfnolJfHkZx0X6IFEudQdIEgW4IAS96Mnz9zzgXm sBxhPpTPMgi2D1c6k7PL9f/aj3QFjue7+t890gSjSuR3N+U3DUR/qsa9OdYEKsXauidYoF AWbnMWnA6xLhNRjuPUUCWtzX/tjcbHE4k6lwokav3rz/5pHAPmi4F030SxNkuD2q4+PKAZ xkaC4PNsXC4ArBJbeDLYSBNM5QelRCzXO1XLORhFg5x8oLUf5Mx6OISBMA8CGlR+um39YE bCWEyCf99VJXaLGMBUTuxWXg+yLtxVk3N1vcW1y3TIlbmRkYphGBUbgorULnWg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=riseup.net header.s=squak header.b=IBBQjh1B; dmarc=pass (policy=none) header.from=riseup.net; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -7.43 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=riseup.net header.s=squak header.b=IBBQjh1B; dmarc=pass (policy=none) header.from=riseup.net; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 9D3DCD271 X-Spam-Score: -7.43 X-Migadu-Scanner: scn0.migadu.com X-TUID: C4krUxltRvrV Just a heads up, if you want proper anonymity, IceCat is almost certainly a bad choice. All the weird custom addons and source level modifications and the fact that very few people use it makes it *easier* to de-anonymize you. But if you just want to unblock some things or use onion addresses to get around NATs, IceCat will be fine. If you want actual anonymity, Tor Browser and Tails are better choices. Julien Lepiller writes: > You can't "run tor in icecat" that doesn't make sense. Maybe you meant so= mething else? > > If you don't want icecat to use tor, keep your current settings. > > For using tor in icecat, in your network settings: > > Select "Manuelle Proxy-Konfiguration" > SOCKS host is localhost, SOCKS port is 9050 > Select SOCKS v5 > Select "Bei Verwendung von SOCKS v5 den Proxy f=C3=BCr DNS-Anfragen verwe= nden" > > Then check with the tor project URL I sent you that you are connecting th= rough tor. > > Le 22 juillet 2022 16:57:40 GMT+02:00, Gottfried a = =C3=A9crit=C2=A0: >>Thanks, >> >>I have taken a photo of my Icecat connection settings. >> >>In order not to make a mistake, I am asking again, how to fill in >> this settings? (I still understand too little, that's why I prefer >> to ask before making mistakes) >> >>As far as I understood you, Icecat will then run via Tor. >>Is it possible to run Tor separately from Icecat, because as I wrote, >> the Tor Website discourages to use Tor in connection with other >> browsers. >> >>Gottfried >> >> >> >>Am 21.07.22 um 22:35 schrieb Julien Lepiller: >>> Hi Gottfried, >>>=20 >>> you don't have to install tor or run it manually. The service is >>> already running tor for you. To use Tor, you need to use a socks proxy >>> to localhost:9050. >>>=20 >>> You can configure icecat to connect to that proxy (and then check that >>> you're actually connected through tor: https://check.torproject.org/ >>> should say "Congratulations"). >>>=20 >>> For other apps, you can use torsocks to proxy traffic through them, eg: >>>=20 >>> torsocks wget \ >>> http://c25o7knygjm3m67jy27yuynvv4pkfi25naucscmh4ubq2ggiig3v57ad.onio= n/ >>>=20 >>> (that's my home page) >>>=20 >>> Or, if they support it, you can configure the socks proxy directly in >>> their configuration. >>>=20 >>> HTH! >>>=20 >>> Le Thu, 21 Jul 2022 17:49:29 +0000, >>> Gottfried a =C3=A9crit : >>>=20 >>>> Hi Guixers, >>>>=20 >>>> I installed "tor, tor-client, torsocks". and >>>> also I have "tor-service-type" in my config.scm. >>>>=20 >>>> Nevertheless it doesn't appear anywhere. >>>>=20 >>>> I would like to use the Tor server separately, not in Firefox, as Tor >>>> Website proposed. >>>>=20 >>>> gfp@Tuxedo ~$ tor >>>> Jul 21 19:30:24.097 [notice] Tor 0.4.7.8 running on Linux with >>>> Libevent 2.1.12-stable, OpenSSL 1.1.1q, Zlib 1.2.11, Liblzma 5.2.5, >>>> Libzstd 1.5.0 and Glibc 2.33 as libc. >>>> Jul 21 19:30:24.097 [notice] Tor can't help you if you use it wrong! >>>> Learn how to be safe at >>>> https://support.torproject.org/faq/staying-anonymous/ >>>> Jul 21 19:30:24.098 [notice] Configuration file >>>> "/gnu/store/11azs9lmx363vi1vnz59aim5yp1rv2b9-tor-client-0.4.7.8/etc/to= r/torrc" >>>> not present, using reasonable defaults. >>>> Jul 21 19:30:24.106 [notice] Opening Socks listener on 127.0.0.1:9050 >>>> Jul 21 19:30:24.106 [warn] Could not bind to 127.0.0.1:9050: Address >>>> already in use. Is Tor already running? >>>> Jul 21 19:30:24.106 [warn] Failed to parse/validate config: Failed to >>>> bind one of the listener ports. >>>> Jul 21 19:30:24.106 [err] Reading config failed--see warnings above. >>>>=20 >>>> I guess, I have to set up other things as well, but I don't know what >>>> and how. >>>>=20 >>>> I didn't find enough information in the manual that makes it clear to >>>> me. I found that in the manual: >>>>=20 >>>> 10.8.4 Networking Services >>>>=20 >>>> Scheme Variable: tor-service-type >>>> This is the type for a service that runs the Tor anonymous networking >>>> daemon. The service is configured using a record. >>>> By default, the Tor daemon runs as the tor unprivileged user, which >>>> is a member of the tor group. >>>>=20 >>>> Data Type: tor-configuration >>>> tor (default: tor) >>>>=20 >>>> The package that provides the Tor daemon. This package is expected to >>>> provide the daemon at bin/tor relative to its output directory. The >>>> default package is the Tor Project=E2=80=99s implementation. >>>>=20 >>>> config-file (default: (plain-file "empty" "")) >>>> The configuration file to use. It will be appended to a default >>>> configuration file, and the final configuration file will be passed >>>> to tor via its -f option. This may be any =E2=80=9Cfile-like=E2=80=9D = object (see >>>> file-like objects). See man tor for details on the configuration file >>>> syntax. >>>>=20 >>>> hidden-services (default: '()) >>>> The list of records to use. For any hidden service >>>> you include in this list, appropriate configuration to enable the >>>> hidden service will be automatically added to the default >>>> configuration file. You may conveniently create >>>> records using the tor-hidden-service procedure described below. >>>>=20 >>>> socks-socket-type (default: 'tcp) >>>> The default socket type that Tor should use for its SOCKS socket. >>>> This must be either 'tcp or 'unix. If it is 'tcp, then by default Tor >>>> will listen on TCP port 9050 on the loopback interface (i.e., >>>> localhost). If it is 'unix, then Tor will listen on the UNIX domain >>>> socket /var/run/tor/socks-sock, which will be made writable by >>>> members of the tor group. >>>> If you want to customize the SOCKS socket in more detail, leave >>>> socks-socket-type at its default value of 'tcp and use config-file to >>>> override the default by providing your own SocksPort option. >>>>=20 >>>> control-socket? (default: #f) >>>> Whether or not to provide a =E2=80=9Ccontrol socket=E2=80=9D by which = Tor can be >>>> controlled to, for instance, dynamically instantiate tor onion >>>> services. If #t, Tor will listen for control commands on the UNIX >>>> domain socket /var/run/tor/control-sock, which will be made writable >>>> by members of the tor group. >>>>=20 >>>> Scheme Procedure: tor-hidden-service name mapping >>>>=20 >>>> Define a new Tor hidden service called name and implementing mapping. >>>> mapping is a list of port/host tuples, such as: >>>>=20 >>>> '((22 "127.0.0.1:22") >>>> (80 "127.0.0.1:8080")) >>>>=20 >>>> In this example, port 22 of the hidden service is mapped to local >>>> port 22, and port 80 is mapped to local port 8080. >>>>=20 >>>> This creates a /var/lib/tor/hidden-services/name directory, where the >>>> hostname file contains the .onion host name for the hidden service. >>>>=20 >>>> See the Tor project=E2=80=99s documentation for more information. >>>>=20 >>>>=20 >>>> I read several emails in the guix-help archive about Tor from 2019, >>>> but I don't know how to put that into practice. >>>>=20 >>>> Could somebody help me? >>>>=20 >>>> Gottfried >>>>=20 >>>=20 >> >> >>--=20 >>() ascii ribbon campaign - against html e-mail >>/\ www.asciiribbon.org - against proprietary attachments >> >>Why is HTML email a security nightmare? See https://useplaintext.email/ >> >>Please avoid sending me MS-Office attachments. >>See http://www.gnu.org/philosophy/no-word-attachments.html