Tor

From digisec.wiki English

Recommended tools

Tools that work with Tor Cross-platform[1] Freemium[2]

Brave is a privacy-focused internet browser built off the open-source Chromium codebase. The browser blocks invasive ads and cross-site trackers by default. Users also benefit from built-in functionalities for added security with automatic secure HTTP connections and Tor-based anonymous network routing. is available in desktop, Android, and iOS versions.

Yes


Briar is an open-source secure message app for Android. With Briar, users can send and receive messages through encrypted Bluetooth, WiFi, or Tor connections to avoid surveillance and censorship.



Onion Browser is a web browser that reroutes all traffic through the Tor network to protect privacy, circumvent surveillance, and evade censorship on the internet.



OnionShare is an open-source secure file-sharing tool that uses the Tor network to protect the users’ data and privacy.

Yes


Orbot is a proxy app for Android devices that reroutes internet traffic through the Tor network to protect the user’s privacy and identity online.



Proton VPN is a VPN service.

Yes

Yes

Riseup Email is a secure email service by activists for activists. Its security features include full-disk encryption, encrypted email storage, Onion routing, and more.[3]



Tails is an open-source portable computer operating system that protects users from surveillance and helps them circumvent censorship.



Tor Browser is an open-source private internet browser for Windows, macOS, Linux, and Android that protects users from tracking, surveillance, and censorship.



Tools that work with Tor Cross-platform Freemium

Onion service

Set up a website as an onion service on Debian-based Linux

  1. Switch to root user.
    sudo su -
    
  2. Install Tor.
    apt install tor -y
    
  3. Open the torrc file in a text editor.
    vi /etc/tor/torrc
    
  4. Edit the file as follows to point the .onion address to your public IP address, for example 123.45.67.890 using port 80 with the configuration files stored in /var/lib/tor/hidden_service/.
    SocksPort 0
    
    SocksPolicy reject *
    
    HiddenServiceDir /var/lib/tor/hidden_service/
    HiddenServicePort 80 123.45.67.890:80
    HiddenServiceVersion 3
    HiddenServiceNonAnonymousMode 1
    HiddenServiceSingleHopMode 1
    
  5. Hit the Esc key when done and save the changes.
    :wq
    
  6. Restart Tor.
    systemctl restart tor.service
    
  7. Obtain the .onion hostname.
    cat /var/lib/tor/hidden_service/hostname
    
  8. Copy the .onion hostname add it to your web server in configuration the same way how you would add a regular hostname. Don't forget to restart your web server service (eg Apache2 or Nginx).

Generate vanity .onion hostname using mkp224o on Debian-based Linux

  1. Install dependencies for mkp224o.
    apt install gcc libc6-dev libsodium-dev make autoconf -y
    
  2. Clone the mkp224o repository, generate the required Autotools infrastructure, configure, and compile the tool.
    cd 
    git clone https://github.com/cathugger/mkp224o.git
    cd mkp224o
    ./autogen.sh
    ./configure
    make
    
  3. Decide the filter that you want to use, i.e. the substring with which your vanity .onion hostname will start. Generate a key with a filter of your choice, for example, myname and keep the configuration files in /var/lib/tor.
    ./mkp224o myname -n 1 -d /var/lib/tor
    
    This may take a while depending on the length of the filter. A 5-character filter may take around 1 minute to generate, 6-character filter around 30 minutes, 7-character filter 1 day.
  4. Once completed, you should be able to view the generated vanity .onion hostname.
    ls -l /var/lib/tor
    
    If you need to generate a different one, repeat step 3.
  5. If you're fine with the generated vanity .onion hostname, adjust the ownership and permission of the files in that directory, for example, myname2yyefqg6lgqnz5s3osvscilqv5gz22iiulfv4utmuh6opqj7id.onion. should be owned by user debian-tor and group debian-tor.
    chown -R debian-tor:debian-tor /var/lib/tor/myname2yyefqg6lgqnz5s3osvscilqv5gz22iiulfv4utmuh6opqj7id.onion
    chmod -R u+rwX,og-rwx /var/lib/tor/myname2yyefqg6lgqnz5s3osvscilqv5gz22iiulfv4utmuh6opqj7id.onion
    
  6. Open the torrc file in a text editor.
    vi /etc/tor/torrc
    
  7. Replace hidden_service:
    HiddenServiceDir /var/lib/tor/hidden_service/
    
    With with the corresponding directory in step 5, for example myname2yyefqg6lgqnz5s3osvscilqv5gz22iiulfv4utmuh6opqj7id.onion:
    HiddenServiceDir /var/lib/tor/myname2yyefqg6lgqnz5s3osvscilqv5gz22iiulfv4utmuh6opqj7id.onion/
    
  8. Hit the Esc key when done and save the changes.
    :wq
    
  9. Restar Tor.
    systemctl restart tor.service
    
  10. Copy the vanity .onion hostname add it to your web server in configuration the same way how you would add a regular hostname. Don't forget to restart your web server service (eg Apache2 or Nginx)


Notes

  1. Cross-platform – you can install this tool on your desktop and mobile devices running popular operating systems.
  2. Freemium – this tool is available for free but additional storage, bandwidth, or features are available with a paid upgrade.
  3. Riseup Email requires an invite code to sign up.