how can I use "tor"

how can I use "tor"

[Gottfried]

[-- Attachment #1.1.1: Type: text/plain, Size: 4245 bytes --]

Hi Guixers,

I installed "tor, tor-client, torsocks". and
also I have "tor-service-type" in my config.scm.

Nevertheless it doesn't appear anywhere.

I would like to use the Tor server separately, not in Firefox, as Tor 
Website proposed.

gfp@Tuxedo ~$ tor
Jul 21 19:30:24.097 [notice] Tor 0.4.7.8 running on Linux with Libevent 
2.1.12-stable, OpenSSL 1.1.1q, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.5.0 
and Glibc 2.33 as libc.
Jul 21 19:30:24.097 [notice] Tor can't help you if you use it wrong! 
Learn how to be safe at 
https://support.torproject.org/faq/staying-anonymous/
Jul 21 19:30:24.098 [notice] Configuration file 
"/gnu/store/11azs9lmx363vi1vnz59aim5yp1rv2b9-tor-client-0.4.7.8/etc/tor/torrc" 
not present, using reasonable defaults.
Jul 21 19:30:24.106 [notice] Opening Socks listener on 127.0.0.1:9050
Jul 21 19:30:24.106 [warn] Could not bind to 127.0.0.1:9050: Address 
already in use. Is Tor already running?
Jul 21 19:30:24.106 [warn] Failed to parse/validate config: Failed to 
bind one of the listener ports.
Jul 21 19:30:24.106 [err] Reading config failed--see warnings above.

I guess, I have to set up other things as well, but I don't know what 
and how.

I didn't find enough information in the manual that makes it clear to me.
I found that in the manual:

10.8.4 Networking Services

Scheme Variable: tor-service-type
This is the type for a service that runs the Tor anonymous networking 
daemon. The service is configured using a <tor-configuration> record. By 
default, the Tor daemon runs as the tor unprivileged user, which is a 
member of the tor group.

Data Type: tor-configuration
tor (default: tor)

The package that provides the Tor daemon. This package is expected to 
provide the daemon at bin/tor relative to its output directory. The 
default package is the Tor Project’s implementation.

config-file (default: (plain-file "empty" ""))
The configuration file to use. It will be appended to a default 
configuration file, and the final configuration file will be passed to 
tor via its -f option. This may be any “file-like” object (see file-like 
objects). See man tor for details on the configuration file syntax.

hidden-services (default: '())
The list of <hidden-service> records to use. For any hidden service you 
include in this list, appropriate configuration to enable the hidden 
service will be automatically added to the default configuration file. 
You may conveniently create <hidden-service> records using the 
tor-hidden-service procedure described below.

socks-socket-type (default: 'tcp)
The default socket type that Tor should use for its SOCKS socket. This 
must be either 'tcp or 'unix. If it is 'tcp, then by default Tor will 
listen on TCP port 9050 on the loopback interface (i.e., localhost). If 
it is 'unix, then Tor will listen on the UNIX domain socket 
/var/run/tor/socks-sock, which will be made writable by members of the 
tor group.
If you want to customize the SOCKS socket in more detail, leave 
socks-socket-type at its default value of 'tcp and use config-file to 
override the default by providing your own SocksPort option.

control-socket? (default: #f)
Whether or not to provide a “control socket” by which Tor can be 
controlled to, for instance, dynamically instantiate tor onion services. 
If #t, Tor will listen for control commands on the UNIX domain socket 
/var/run/tor/control-sock, which will be made writable by members of the 
tor group.

Scheme Procedure: tor-hidden-service name mapping

Define a new Tor hidden service called name and implementing mapping. 
mapping is a list of port/host tuples, such as:

  '((22 "127.0.0.1:22")
    (80 "127.0.0.1:8080"))

In this example, port 22 of the hidden service is mapped to local port 
22, and port 80 is mapped to local port 8080.

This creates a /var/lib/tor/hidden-services/name directory, where the 
hostname file contains the .onion host name for the hidden service.

See the Tor project’s documentation for more information.


I read several emails in the guix-help archive about Tor from 2019, but 
I don't know how to put that into practice.

Could somebody help me?

Gottfried


[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3191 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

Re: how can I use "tor"

[(]

On Thu Jul 21, 2022 at 6:49 PM BST, Gottfried wrote:
> I installed "tor, tor-client, torsocks".
You probably don't need to do this. Except maybe for tor-client? Not
sure, never used tor.

> also I have "tor-service-type" in my config.scm.
I think doing this and then `sudo guix system reconfigure
/etc/config.scm` /should/ be enough...?

  -- (

Re: how can I use "tor"

[Julien Lepiller]

Hi Gottfried,

you don't have to install tor or run it manually. The service is
already running tor for you. To use Tor, you need to use a socks proxy
to localhost:9050.

You can configure icecat to connect to that proxy (and then check that
you're actually connected through tor: https://check.torproject.org/
should say "Congratulations").

For other apps, you can use torsocks to proxy traffic through them, eg:

  torsocks wget \
  http://c25o7knygjm3m67jy27yuynvv4pkfi25naucscmh4ubq2ggiig3v57ad.onion/

(that's my home page)

Or, if they support it, you can configure the socks proxy directly in
their configuration.

HTH!

Le Thu, 21 Jul 2022 17:49:29 +0000,
Gottfried <gottfried@posteo.de> a écrit :

> Hi Guixers,
> 
> I installed "tor, tor-client, torsocks". and
> also I have "tor-service-type" in my config.scm.
> 
> Nevertheless it doesn't appear anywhere.
> 
> I would like to use the Tor server separately, not in Firefox, as Tor 
> Website proposed.
> 
> gfp@Tuxedo ~$ tor
> Jul 21 19:30:24.097 [notice] Tor 0.4.7.8 running on Linux with
> Libevent 2.1.12-stable, OpenSSL 1.1.1q, Zlib 1.2.11, Liblzma 5.2.5,
> Libzstd 1.5.0 and Glibc 2.33 as libc.
> Jul 21 19:30:24.097 [notice] Tor can't help you if you use it wrong! 
> Learn how to be safe at 
> https://support.torproject.org/faq/staying-anonymous/
> Jul 21 19:30:24.098 [notice] Configuration file 
> "/gnu/store/11azs9lmx363vi1vnz59aim5yp1rv2b9-tor-client-0.4.7.8/etc/tor/torrc" 
> not present, using reasonable defaults.
> Jul 21 19:30:24.106 [notice] Opening Socks listener on 127.0.0.1:9050
> Jul 21 19:30:24.106 [warn] Could not bind to 127.0.0.1:9050: Address 
> already in use. Is Tor already running?
> Jul 21 19:30:24.106 [warn] Failed to parse/validate config: Failed to 
> bind one of the listener ports.
> Jul 21 19:30:24.106 [err] Reading config failed--see warnings above.
> 
> I guess, I have to set up other things as well, but I don't know what 
> and how.
> 
> I didn't find enough information in the manual that makes it clear to
> me. I found that in the manual:
> 
> 10.8.4 Networking Services
> 
> Scheme Variable: tor-service-type
> This is the type for a service that runs the Tor anonymous networking 
> daemon. The service is configured using a <tor-configuration> record.
> By default, the Tor daemon runs as the tor unprivileged user, which
> is a member of the tor group.
> 
> Data Type: tor-configuration
> tor (default: tor)
> 
> The package that provides the Tor daemon. This package is expected to 
> provide the daemon at bin/tor relative to its output directory. The 
> default package is the Tor Project’s implementation.
> 
> config-file (default: (plain-file "empty" ""))
> The configuration file to use. It will be appended to a default 
> configuration file, and the final configuration file will be passed
> to tor via its -f option. This may be any “file-like” object (see
> file-like objects). See man tor for details on the configuration file
> syntax.
> 
> hidden-services (default: '())
> The list of <hidden-service> records to use. For any hidden service
> you include in this list, appropriate configuration to enable the
> hidden service will be automatically added to the default
> configuration file. You may conveniently create <hidden-service>
> records using the tor-hidden-service procedure described below.
> 
> socks-socket-type (default: 'tcp)
> The default socket type that Tor should use for its SOCKS socket.
> This must be either 'tcp or 'unix. If it is 'tcp, then by default Tor
> will listen on TCP port 9050 on the loopback interface (i.e.,
> localhost). If it is 'unix, then Tor will listen on the UNIX domain
> socket /var/run/tor/socks-sock, which will be made writable by
> members of the tor group.
> If you want to customize the SOCKS socket in more detail, leave 
> socks-socket-type at its default value of 'tcp and use config-file to 
> override the default by providing your own SocksPort option.
> 
> control-socket? (default: #f)
> Whether or not to provide a “control socket” by which Tor can be 
> controlled to, for instance, dynamically instantiate tor onion
> services. If #t, Tor will listen for control commands on the UNIX
> domain socket /var/run/tor/control-sock, which will be made writable
> by members of the tor group.
> 
> Scheme Procedure: tor-hidden-service name mapping
> 
> Define a new Tor hidden service called name and implementing mapping. 
> mapping is a list of port/host tuples, such as:
> 
>   '((22 "127.0.0.1:22")
>     (80 "127.0.0.1:8080"))
> 
> In this example, port 22 of the hidden service is mapped to local
> port 22, and port 80 is mapped to local port 8080.
> 
> This creates a /var/lib/tor/hidden-services/name directory, where the 
> hostname file contains the .onion host name for the hidden service.
> 
> See the Tor project’s documentation for more information.
> 
> 
> I read several emails in the guix-help archive about Tor from 2019,
> but I don't know how to put that into practice.
> 
> Could somebody help me?
> 
> Gottfried
> 

Re: how can I use "tor"

[Gottfried]

[-- Attachment #1.1.1: Type: text/plain, Size: 6104 bytes --]

Thanks,

I have taken a photo of my Icecat connection settings.

In order not to make a mistake, I am asking again, how to fill in this 
settings? (I still understand too little, that's why I prefer to ask 
before making mistakes)

As far as I understood you, Icecat will then run via Tor.
Is it possible to run Tor separately from Icecat, because as I wrote, 
the Tor Website discourages to use Tor in connection with other browsers.

Gottfried



Am 21.07.22 um 22:35 schrieb Julien Lepiller:
> Hi Gottfried,
> 
> you don't have to install tor or run it manually. The service is
> already running tor for you. To use Tor, you need to use a socks proxy
> to localhost:9050.
> 
> You can configure icecat to connect to that proxy (and then check that
> you're actually connected through tor: https://check.torproject.org/
> should say "Congratulations").
> 
> For other apps, you can use torsocks to proxy traffic through them, eg:
> 
>    torsocks wget \
>    http://c25o7knygjm3m67jy27yuynvv4pkfi25naucscmh4ubq2ggiig3v57ad.onion/
> 
> (that's my home page)
> 
> Or, if they support it, you can configure the socks proxy directly in
> their configuration.
> 
> HTH!
> 
> Le Thu, 21 Jul 2022 17:49:29 +0000,
> Gottfried <gottfried@posteo.de> a écrit :
> 
>> Hi Guixers,
>>
>> I installed "tor, tor-client, torsocks". and
>> also I have "tor-service-type" in my config.scm.
>>
>> Nevertheless it doesn't appear anywhere.
>>
>> I would like to use the Tor server separately, not in Firefox, as Tor
>> Website proposed.
>>
>> gfp@Tuxedo ~$ tor
>> Jul 21 19:30:24.097 [notice] Tor 0.4.7.8 running on Linux with
>> Libevent 2.1.12-stable, OpenSSL 1.1.1q, Zlib 1.2.11, Liblzma 5.2.5,
>> Libzstd 1.5.0 and Glibc 2.33 as libc.
>> Jul 21 19:30:24.097 [notice] Tor can't help you if you use it wrong!
>> Learn how to be safe at
>> https://support.torproject.org/faq/staying-anonymous/
>> Jul 21 19:30:24.098 [notice] Configuration file
>> "/gnu/store/11azs9lmx363vi1vnz59aim5yp1rv2b9-tor-client-0.4.7.8/etc/tor/torrc"
>> not present, using reasonable defaults.
>> Jul 21 19:30:24.106 [notice] Opening Socks listener on 127.0.0.1:9050
>> Jul 21 19:30:24.106 [warn] Could not bind to 127.0.0.1:9050: Address
>> already in use. Is Tor already running?
>> Jul 21 19:30:24.106 [warn] Failed to parse/validate config: Failed to
>> bind one of the listener ports.
>> Jul 21 19:30:24.106 [err] Reading config failed--see warnings above.
>>
>> I guess, I have to set up other things as well, but I don't know what
>> and how.
>>
>> I didn't find enough information in the manual that makes it clear to
>> me. I found that in the manual:
>>
>> 10.8.4 Networking Services
>>
>> Scheme Variable: tor-service-type
>> This is the type for a service that runs the Tor anonymous networking
>> daemon. The service is configured using a <tor-configuration> record.
>> By default, the Tor daemon runs as the tor unprivileged user, which
>> is a member of the tor group.
>>
>> Data Type: tor-configuration
>> tor (default: tor)
>>
>> The package that provides the Tor daemon. This package is expected to
>> provide the daemon at bin/tor relative to its output directory. The
>> default package is the Tor Project’s implementation.
>>
>> config-file (default: (plain-file "empty" ""))
>> The configuration file to use. It will be appended to a default
>> configuration file, and the final configuration file will be passed
>> to tor via its -f option. This may be any “file-like” object (see
>> file-like objects). See man tor for details on the configuration file
>> syntax.
>>
>> hidden-services (default: '())
>> The list of <hidden-service> records to use. For any hidden service
>> you include in this list, appropriate configuration to enable the
>> hidden service will be automatically added to the default
>> configuration file. You may conveniently create <hidden-service>
>> records using the tor-hidden-service procedure described below.
>>
>> socks-socket-type (default: 'tcp)
>> The default socket type that Tor should use for its SOCKS socket.
>> This must be either 'tcp or 'unix. If it is 'tcp, then by default Tor
>> will listen on TCP port 9050 on the loopback interface (i.e.,
>> localhost). If it is 'unix, then Tor will listen on the UNIX domain
>> socket /var/run/tor/socks-sock, which will be made writable by
>> members of the tor group.
>> If you want to customize the SOCKS socket in more detail, leave
>> socks-socket-type at its default value of 'tcp and use config-file to
>> override the default by providing your own SocksPort option.
>>
>> control-socket? (default: #f)
>> Whether or not to provide a “control socket” by which Tor can be
>> controlled to, for instance, dynamically instantiate tor onion
>> services. If #t, Tor will listen for control commands on the UNIX
>> domain socket /var/run/tor/control-sock, which will be made writable
>> by members of the tor group.
>>
>> Scheme Procedure: tor-hidden-service name mapping
>>
>> Define a new Tor hidden service called name and implementing mapping.
>> mapping is a list of port/host tuples, such as:
>>
>>    '((22 "127.0.0.1:22")
>>      (80 "127.0.0.1:8080"))
>>
>> In this example, port 22 of the hidden service is mapped to local
>> port 22, and port 80 is mapped to local port 8080.
>>
>> This creates a /var/lib/tor/hidden-services/name directory, where the
>> hostname file contains the .onion host name for the hidden service.
>>
>> See the Tor project’s documentation for more information.
>>
>>
>> I read several emails in the guix-help archive about Tor from 2019,
>> but I don't know how to put that into practice.
>>
>> Could somebody help me?
>>
>> Gottfried
>>
> 


-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Why is HTML email a security nightmare? See https://useplaintext.email/

Please avoid sending me MS-Office attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

[-- Attachment #1.1.2: Proxy.png --]
[-- Type: image/png, Size: 78185 bytes --]

[-- Attachment #1.1.3: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3191 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

Re: how can I use "tor"

[Julien Lepiller]

You can't "run tor in icecat" that doesn't make sense. Maybe you meant something else?

If you don't want icecat to use tor, keep your current settings.

For using tor in icecat, in your network settings:

Select "Manuelle Proxy-Konfiguration"
SOCKS host is localhost, SOCKS port is 9050
Select SOCKS v5
Select "Bei Verwendung von SOCKS v5 den Proxy für DNS-Anfragen verwenden"

Then check with the tor project URL I sent you that you are connecting through tor.

Le 22 juillet 2022 16:57:40 GMT+02:00, Gottfried <gottfried@posteo.de> a écrit :
>Thanks,
>
>I have taken a photo of my Icecat connection settings.
>
>In order not to make a mistake, I am asking again, how to fill in this settings? (I still understand too little, that's why I prefer to ask before making mistakes)
>
>As far as I understood you, Icecat will then run via Tor.
>Is it possible to run Tor separately from Icecat, because as I wrote, the Tor Website discourages to use Tor in connection with other browsers.
>
>Gottfried
>
>
>
>Am 21.07.22 um 22:35 schrieb Julien Lepiller:
>> Hi Gottfried,
>> 
>> you don't have to install tor or run it manually. The service is
>> already running tor for you. To use Tor, you need to use a socks proxy
>> to localhost:9050.
>> 
>> You can configure icecat to connect to that proxy (and then check that
>> you're actually connected through tor: https://check.torproject.org/
>> should say "Congratulations").
>> 
>> For other apps, you can use torsocks to proxy traffic through them, eg:
>> 
>>    torsocks wget \
>>    http://c25o7knygjm3m67jy27yuynvv4pkfi25naucscmh4ubq2ggiig3v57ad.onion/
>> 
>> (that's my home page)
>> 
>> Or, if they support it, you can configure the socks proxy directly in
>> their configuration.
>> 
>> HTH!
>> 
>> Le Thu, 21 Jul 2022 17:49:29 +0000,
>> Gottfried <gottfried@posteo.de> a écrit :
>> 
>>> Hi Guixers,
>>> 
>>> I installed "tor, tor-client, torsocks". and
>>> also I have "tor-service-type" in my config.scm.
>>> 
>>> Nevertheless it doesn't appear anywhere.
>>> 
>>> I would like to use the Tor server separately, not in Firefox, as Tor
>>> Website proposed.
>>> 
>>> gfp@Tuxedo ~$ tor
>>> Jul 21 19:30:24.097 [notice] Tor 0.4.7.8 running on Linux with
>>> Libevent 2.1.12-stable, OpenSSL 1.1.1q, Zlib 1.2.11, Liblzma 5.2.5,
>>> Libzstd 1.5.0 and Glibc 2.33 as libc.
>>> Jul 21 19:30:24.097 [notice] Tor can't help you if you use it wrong!
>>> Learn how to be safe at
>>> https://support.torproject.org/faq/staying-anonymous/
>>> Jul 21 19:30:24.098 [notice] Configuration file
>>> "/gnu/store/11azs9lmx363vi1vnz59aim5yp1rv2b9-tor-client-0.4.7.8/etc/tor/torrc"
>>> not present, using reasonable defaults.
>>> Jul 21 19:30:24.106 [notice] Opening Socks listener on 127.0.0.1:9050
>>> Jul 21 19:30:24.106 [warn] Could not bind to 127.0.0.1:9050: Address
>>> already in use. Is Tor already running?
>>> Jul 21 19:30:24.106 [warn] Failed to parse/validate config: Failed to
>>> bind one of the listener ports.
>>> Jul 21 19:30:24.106 [err] Reading config failed--see warnings above.
>>> 
>>> I guess, I have to set up other things as well, but I don't know what
>>> and how.
>>> 
>>> I didn't find enough information in the manual that makes it clear to
>>> me. I found that in the manual:
>>> 
>>> 10.8.4 Networking Services
>>> 
>>> Scheme Variable: tor-service-type
>>> This is the type for a service that runs the Tor anonymous networking
>>> daemon. The service is configured using a <tor-configuration> record.
>>> By default, the Tor daemon runs as the tor unprivileged user, which
>>> is a member of the tor group.
>>> 
>>> Data Type: tor-configuration
>>> tor (default: tor)
>>> 
>>> The package that provides the Tor daemon. This package is expected to
>>> provide the daemon at bin/tor relative to its output directory. The
>>> default package is the Tor Project’s implementation.
>>> 
>>> config-file (default: (plain-file "empty" ""))
>>> The configuration file to use. It will be appended to a default
>>> configuration file, and the final configuration file will be passed
>>> to tor via its -f option. This may be any “file-like” object (see
>>> file-like objects). See man tor for details on the configuration file
>>> syntax.
>>> 
>>> hidden-services (default: '())
>>> The list of <hidden-service> records to use. For any hidden service
>>> you include in this list, appropriate configuration to enable the
>>> hidden service will be automatically added to the default
>>> configuration file. You may conveniently create <hidden-service>
>>> records using the tor-hidden-service procedure described below.
>>> 
>>> socks-socket-type (default: 'tcp)
>>> The default socket type that Tor should use for its SOCKS socket.
>>> This must be either 'tcp or 'unix. If it is 'tcp, then by default Tor
>>> will listen on TCP port 9050 on the loopback interface (i.e.,
>>> localhost). If it is 'unix, then Tor will listen on the UNIX domain
>>> socket /var/run/tor/socks-sock, which will be made writable by
>>> members of the tor group.
>>> If you want to customize the SOCKS socket in more detail, leave
>>> socks-socket-type at its default value of 'tcp and use config-file to
>>> override the default by providing your own SocksPort option.
>>> 
>>> control-socket? (default: #f)
>>> Whether or not to provide a “control socket” by which Tor can be
>>> controlled to, for instance, dynamically instantiate tor onion
>>> services. If #t, Tor will listen for control commands on the UNIX
>>> domain socket /var/run/tor/control-sock, which will be made writable
>>> by members of the tor group.
>>> 
>>> Scheme Procedure: tor-hidden-service name mapping
>>> 
>>> Define a new Tor hidden service called name and implementing mapping.
>>> mapping is a list of port/host tuples, such as:
>>> 
>>>    '((22 "127.0.0.1:22")
>>>      (80 "127.0.0.1:8080"))
>>> 
>>> In this example, port 22 of the hidden service is mapped to local
>>> port 22, and port 80 is mapped to local port 8080.
>>> 
>>> This creates a /var/lib/tor/hidden-services/name directory, where the
>>> hostname file contains the .onion host name for the hidden service.
>>> 
>>> See the Tor project’s documentation for more information.
>>> 
>>> 
>>> I read several emails in the guix-help archive about Tor from 2019,
>>> but I don't know how to put that into practice.
>>> 
>>> Could somebody help me?
>>> 
>>> Gottfried
>>> 
>> 
>
>
>-- 
>()  ascii ribbon campaign - against html e-mail
>/\  www.asciiribbon.org   - against proprietary attachments
>
>Why is HTML email a security nightmare? See https://useplaintext.email/
>
>Please avoid sending me MS-Office attachments.
>See http://www.gnu.org/philosophy/no-word-attachments.html

Re: how can I use "tor"

[Csepp]

Just a heads up, if you want proper anonymity, IceCat is almost
certainly a bad choice. All the weird custom addons and source level
modifications and the fact that very few people use it makes it *easier*
to de-anonymize you.
But if you just want to unblock some things or use onion addresses to
get around NATs, IceCat will be fine.
If you want actual anonymity, Tor Browser and Tails are better choices.

Julien Lepiller <julien@lepiller.eu> writes:

> You can't "run tor in icecat" that doesn't make sense. Maybe you meant something else?
>
> If you don't want icecat to use tor, keep your current settings.
>
> For using tor in icecat, in your network settings:
>
> Select "Manuelle Proxy-Konfiguration"
> SOCKS host is localhost, SOCKS port is 9050
> Select SOCKS v5
> Select "Bei Verwendung von SOCKS v5 den Proxy für DNS-Anfragen verwenden"
>
> Then check with the tor project URL I sent you that you are connecting through tor.
>
> Le 22 juillet 2022 16:57:40 GMT+02:00, Gottfried <gottfried@posteo.de> a écrit :
>>Thanks,
>>
>>I have taken a photo of my Icecat connection settings.
>>
>>In order not to make a mistake, I am asking again, how to fill in
>> this settings? (I still understand too little, that's why I prefer
>> to ask before making mistakes)
>>
>>As far as I understood you, Icecat will then run via Tor.
>>Is it possible to run Tor separately from Icecat, because as I wrote,
>> the Tor Website discourages to use Tor in connection with other
>> browsers.
>>
>>Gottfried
>>
>>
>>
>>Am 21.07.22 um 22:35 schrieb Julien Lepiller:
>>> Hi Gottfried,
>>> 
>>> you don't have to install tor or run it manually. The service is
>>> already running tor for you. To use Tor, you need to use a socks proxy
>>> to localhost:9050.
>>> 
>>> You can configure icecat to connect to that proxy (and then check that
>>> you're actually connected through tor: https://check.torproject.org/
>>> should say "Congratulations").
>>> 
>>> For other apps, you can use torsocks to proxy traffic through them, eg:
>>> 
>>>    torsocks wget \
>>>    http://c25o7knygjm3m67jy27yuynvv4pkfi25naucscmh4ubq2ggiig3v57ad.onion/
>>> 
>>> (that's my home page)
>>> 
>>> Or, if they support it, you can configure the socks proxy directly in
>>> their configuration.
>>> 
>>> HTH!
>>> 
>>> Le Thu, 21 Jul 2022 17:49:29 +0000,
>>> Gottfried <gottfried@posteo.de> a écrit :
>>> 
>>>> Hi Guixers,
>>>> 
>>>> I installed "tor, tor-client, torsocks". and
>>>> also I have "tor-service-type" in my config.scm.
>>>> 
>>>> Nevertheless it doesn't appear anywhere.
>>>> 
>>>> I would like to use the Tor server separately, not in Firefox, as Tor
>>>> Website proposed.
>>>> 
>>>> gfp@Tuxedo ~$ tor
>>>> Jul 21 19:30:24.097 [notice] Tor 0.4.7.8 running on Linux with
>>>> Libevent 2.1.12-stable, OpenSSL 1.1.1q, Zlib 1.2.11, Liblzma 5.2.5,
>>>> Libzstd 1.5.0 and Glibc 2.33 as libc.
>>>> Jul 21 19:30:24.097 [notice] Tor can't help you if you use it wrong!
>>>> Learn how to be safe at
>>>> https://support.torproject.org/faq/staying-anonymous/
>>>> Jul 21 19:30:24.098 [notice] Configuration file
>>>> "/gnu/store/11azs9lmx363vi1vnz59aim5yp1rv2b9-tor-client-0.4.7.8/etc/tor/torrc"
>>>> not present, using reasonable defaults.
>>>> Jul 21 19:30:24.106 [notice] Opening Socks listener on 127.0.0.1:9050
>>>> Jul 21 19:30:24.106 [warn] Could not bind to 127.0.0.1:9050: Address
>>>> already in use. Is Tor already running?
>>>> Jul 21 19:30:24.106 [warn] Failed to parse/validate config: Failed to
>>>> bind one of the listener ports.
>>>> Jul 21 19:30:24.106 [err] Reading config failed--see warnings above.
>>>> 
>>>> I guess, I have to set up other things as well, but I don't know what
>>>> and how.
>>>> 
>>>> I didn't find enough information in the manual that makes it clear to
>>>> me. I found that in the manual:
>>>> 
>>>> 10.8.4 Networking Services
>>>> 
>>>> Scheme Variable: tor-service-type
>>>> This is the type for a service that runs the Tor anonymous networking
>>>> daemon. The service is configured using a <tor-configuration> record.
>>>> By default, the Tor daemon runs as the tor unprivileged user, which
>>>> is a member of the tor group.
>>>> 
>>>> Data Type: tor-configuration
>>>> tor (default: tor)
>>>> 
>>>> The package that provides the Tor daemon. This package is expected to
>>>> provide the daemon at bin/tor relative to its output directory. The
>>>> default package is the Tor Project’s implementation.
>>>> 
>>>> config-file (default: (plain-file "empty" ""))
>>>> The configuration file to use. It will be appended to a default
>>>> configuration file, and the final configuration file will be passed
>>>> to tor via its -f option. This may be any “file-like” object (see
>>>> file-like objects). See man tor for details on the configuration file
>>>> syntax.
>>>> 
>>>> hidden-services (default: '())
>>>> The list of <hidden-service> records to use. For any hidden service
>>>> you include in this list, appropriate configuration to enable the
>>>> hidden service will be automatically added to the default
>>>> configuration file. You may conveniently create <hidden-service>
>>>> records using the tor-hidden-service procedure described below.
>>>> 
>>>> socks-socket-type (default: 'tcp)
>>>> The default socket type that Tor should use for its SOCKS socket.
>>>> This must be either 'tcp or 'unix. If it is 'tcp, then by default Tor
>>>> will listen on TCP port 9050 on the loopback interface (i.e.,
>>>> localhost). If it is 'unix, then Tor will listen on the UNIX domain
>>>> socket /var/run/tor/socks-sock, which will be made writable by
>>>> members of the tor group.
>>>> If you want to customize the SOCKS socket in more detail, leave
>>>> socks-socket-type at its default value of 'tcp and use config-file to
>>>> override the default by providing your own SocksPort option.
>>>> 
>>>> control-socket? (default: #f)
>>>> Whether or not to provide a “control socket” by which Tor can be
>>>> controlled to, for instance, dynamically instantiate tor onion
>>>> services. If #t, Tor will listen for control commands on the UNIX
>>>> domain socket /var/run/tor/control-sock, which will be made writable
>>>> by members of the tor group.
>>>> 
>>>> Scheme Procedure: tor-hidden-service name mapping
>>>> 
>>>> Define a new Tor hidden service called name and implementing mapping.
>>>> mapping is a list of port/host tuples, such as:
>>>> 
>>>>    '((22 "127.0.0.1:22")
>>>>      (80 "127.0.0.1:8080"))
>>>> 
>>>> In this example, port 22 of the hidden service is mapped to local
>>>> port 22, and port 80 is mapped to local port 8080.
>>>> 
>>>> This creates a /var/lib/tor/hidden-services/name directory, where the
>>>> hostname file contains the .onion host name for the hidden service.
>>>> 
>>>> See the Tor project’s documentation for more information.
>>>> 
>>>> 
>>>> I read several emails in the guix-help archive about Tor from 2019,
>>>> but I don't know how to put that into practice.
>>>> 
>>>> Could somebody help me?
>>>> 
>>>> Gottfried
>>>> 
>>> 
>>
>>
>>-- 
>>()  ascii ribbon campaign - against html e-mail
>>/\  www.asciiribbon.org   - against proprietary attachments
>>
>>Why is HTML email a security nightmare? See https://useplaintext.email/
>>
>>Please avoid sending me MS-Office attachments.
>>See http://www.gnu.org/philosophy/no-word-attachments.html

Re: how can I use "tor"

[Gottfried]

[-- Attachment #1.1.1: Type: text/plain, Size: 945 bytes --]

Hi,
thanks a lot. It worked.
> You can't "run tor in icecat" that doesn't make sense. Maybe you meant something else?

Exactly, that what I meant. I can't run Tor in Icecat. It doesn't make 
sense.

But in changing the settings in Icecat to using Tor, I understand, that 
it is like this. Tor is used in Icecat and there is not a separate Tor 
Browser. Am I right?

Gottfried




Am 22.07.22 um 17:20 schrieb Julien Lepiller:
> You can't "run tor in icecat" that doesn't make sense. Maybe you meant something else?
> 
> If you don't want icecat to use tor, keep your current settings.
> 
> For using tor in icecat, in your network settings:
> 
> Select "Manuelle Proxy-Konfiguration"
> SOCKS host is localhost, SOCKS port is 9050
> Select SOCKS v5
> Select "Bei Verwendung von SOCKS v5 den Proxy für DNS-Anfragen verwenden"
> 
> Then check with the tor project URL I sent you that you are connecting through tor.


[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3191 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

Re: how can I use "tor"

[Julien Lepiller]

No, there's no tor-browser on guix. Tor is running as a separate daemon and changing the settings instruct icecat to connect through the tor daemon.

Le 24 juillet 2022 12:04:47 GMT+02:00, Gottfried <gottfried@posteo.de> a écrit :
>Hi,
>thanks a lot. It worked.
>> You can't "run tor in icecat" that doesn't make sense. Maybe you meant something else?
>
>Exactly, that what I meant. I can't run Tor in Icecat. It doesn't make sense.
>
>But in changing the settings in Icecat to using Tor, I understand, that it is like this. Tor is used in Icecat and there is not a separate Tor Browser. Am I right?
>
>Gottfried
>
>
>
>
>Am 22.07.22 um 17:20 schrieb Julien Lepiller:
>> You can't "run tor in icecat" that doesn't make sense. Maybe you meant something else?
>> 
>> If you don't want icecat to use tor, keep your current settings.
>> 
>> For using tor in icecat, in your network settings:
>> 
>> Select "Manuelle Proxy-Konfiguration"
>> SOCKS host is localhost, SOCKS port is 9050
>> Select SOCKS v5
>> Select "Bei Verwendung von SOCKS v5 den Proxy für DNS-Anfragen verwenden"
>> 
>> Then check with the tor project URL I sent you that you are connecting through tor.
>

Re: how can I use "tor"

[Gottfried]

[-- Attachment #1.1.1: Type: text/plain, Size: 1538 bytes --]

Thanks for clearing up.

Would it be not a good idea to set up Tor Browser in Guix, that we would 
be able to use Tor only for certain webbrowsing and Icecat for the 
normal usage?

I don't know if somebody has time to do it.
Gottfried



Am 24.07.22 um 12:13 schrieb Julien Lepiller:
> No, there's no tor-browser on guix. Tor is running as a separate daemon and changing the settings instruct icecat to connect through the tor daemon.
> 
> Le 24 juillet 2022 12:04:47 GMT+02:00, Gottfried <gottfried@posteo.de> a écrit :
>> Hi,
>> thanks a lot. It worked.
>>> You can't "run tor in icecat" that doesn't make sense. Maybe you meant something else?
>>
>> Exactly, that what I meant. I can't run Tor in Icecat. It doesn't make sense.
>>
>> But in changing the settings in Icecat to using Tor, I understand, that it is like this. Tor is used in Icecat and there is not a separate Tor Browser. Am I right?
>>
>> Gottfried
>>
>>
>>
>>
>> Am 22.07.22 um 17:20 schrieb Julien Lepiller:
>>> You can't "run tor in icecat" that doesn't make sense. Maybe you meant something else?
>>>
>>> If you don't want icecat to use tor, keep your current settings.
>>>
>>> For using tor in icecat, in your network settings:
>>>
>>> Select "Manuelle Proxy-Konfiguration"
>>> SOCKS host is localhost, SOCKS port is 9050
>>> Select SOCKS v5
>>> Select "Bei Verwendung von SOCKS v5 den Proxy für DNS-Anfragen verwenden"
>>>
>>> Then check with the tor project URL I sent you that you are connecting through tor.
>>
> 

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3191 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

Re: how can I use "tor"

[Julien Lepiller]

Two issues:

First, the tor project is asking distros not to build the tor browser themselves. That includes Guix. That is because a build with Guix will make it distinguishable from the tor-browser built by the tor project.

Second, the tor-browser built by the tor project assumes FHS (/bir, /lib, etc) which guix doesn.t provide, so you can't run it directly.

Of course it's not great for anonymity since icecat is way more distinguishable than the tor-browser built by guix would be.

You could use different profiles in icecat, one with tor settings, one without. You can run icecat -P to select profiles.

Le 24 juillet 2022 12:20:25 GMT+02:00, Gottfried <gottfried@posteo.de> a écrit :
>Thanks for clearing up.
>
>Would it be not a good idea to set up Tor Browser in Guix, that we would be able to use Tor only for certain webbrowsing and Icecat for the normal usage?
>
>I don't know if somebody has time to do it.
>Gottfried
>
>
>
>Am 24.07.22 um 12:13 schrieb Julien Lepiller:
>> No, there's no tor-browser on guix. Tor is running as a separate daemon and changing the settings instruct icecat to connect through the tor daemon.
>> 
>> Le 24 juillet 2022 12:04:47 GMT+02:00, Gottfried <gottfried@posteo.de> a écrit :
>>> Hi,
>>> thanks a lot. It worked.
>>>> You can't "run tor in icecat" that doesn't make sense. Maybe you meant something else?
>>> 
>>> Exactly, that what I meant. I can't run Tor in Icecat. It doesn't make sense.
>>> 
>>> But in changing the settings in Icecat to using Tor, I understand, that it is like this. Tor is used in Icecat and there is not a separate Tor Browser. Am I right?
>>> 
>>> Gottfried
>>> 
>>> 
>>> 
>>> 
>>> Am 22.07.22 um 17:20 schrieb Julien Lepiller:
>>>> You can't "run tor in icecat" that doesn't make sense. Maybe you meant something else?
>>>> 
>>>> If you don't want icecat to use tor, keep your current settings.
>>>> 
>>>> For using tor in icecat, in your network settings:
>>>> 
>>>> Select "Manuelle Proxy-Konfiguration"
>>>> SOCKS host is localhost, SOCKS port is 9050
>>>> Select SOCKS v5
>>>> Select "Bei Verwendung von SOCKS v5 den Proxy für DNS-Anfragen verwenden"
>>>> 
>>>> Then check with the tor project URL I sent you that you are connecting through tor.
>>> 
>> 

Re: how can I use "tor"

[Gottfried]

[-- Attachment #1.1.1: Type: text/plain, Size: 919 bytes --]

Hi,

thanks for all Information, I am very happy.

Would it be  a little bit safer to have Icecat in a container?

If so, how to set it up?

and will Guix automatically upgrade it, when it's in a container?

Gottfried


Am 24.07.22 um 12:47 schrieb Julien Lepiller:
> Two issues:
> 
> First, the tor project is asking distros not to build the tor browser themselves. That includes Guix. That is because a build with Guix will make it distinguishable from the tor-browser built by the tor project.
> 
> Second, the tor-browser built by the tor project assumes FHS (/bir, /lib, etc) which guix doesn.t provide, so you can't run it directly.
> 
> Of course it's not great for anonymity since icecat is way more distinguishable than the tor-browser built by guix would be.
> 
> You could use different profiles in icecat, one with tor settings, one without. You can run icecat -P to select profiles.

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3191 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]